-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GUID mapping table wrong #3
Comments
Thanks...I have identified a couple of spots that need some touch ups. It's actually an odd occurrence as all of these GUIDs were pulled from a live environment and verified against others. I have some code that isn't yet committed that will fix the main GUIDs that are consistent based on the schema definition files, and to dynamically grab the ones that are not static. |
Thank you for your feedback.
So you have to change indexing of the table and combine OBJ_guid and OBJ_adtype to ensure uniqueness.
|
Will double check that. This table is actually only used for two purposes; as a foreign key to ensure valid values are selected for task group mapping, and to set the actual ACLs related to a given object. When setting the ACLs, I only use the friendly name as a lookup, via the hash table post import, as the ACLs need the GUIDs...so long as the correct GUID is returned when I perform the lookup, it should be mostly ok. The challenge I ran into however, is that things like the attributes used by the MS LAPS solution use dynamic generation of the GUID at the time the schema is extended. This is against Microsoft guidelines for authoring of schema extensions, but I have found several other cases where MS internal teams decided to ignore that. I actually have a to-do item to create an initial load function that will validate the values in the DB and update if needed. The current working copy of the code has work arounds for the LAPS attributes specifically. Incidentally, there is also an update in the code logic required to support object creation and deletion that I need to finish, which is due to the changes MS made in their December 2022 security update. The ACLs now have to be set slightly differently, and there is a bug when deleting computer objects for Azure IaaS systems, which have child objects. Always more to do than time in the day lol. |
The guids for extended rights stored in are wrong.
You may update using the following process:
The text was updated successfully, but these errors were encountered: