I put more trace and I find the problem: defaultSecurityDescriptor was
not upgraded because previously I had a plan to make something rather
complicated with SD update that implied to have the previous SD.
So the story is solved no need to investigate more !
Sorry for the lost time on research ...
On 26/11/2009 20:06, Matthieu Patou wrote:
I'll need your help to help me to understand why I'm failling with the
upgradesprovision to correctly update some SD:
As all the other SD are OK I'm rather encline to think that the
update_sd does its job pretty well ... If you had a look at the
updateprovision.log you will see the DN then the updated SD and finally
the reference SDDL.
The SDDL share a lot but diverge on some points can you try to light my
Of course I also have problems with this but it's related to policy
object and we know that we still have a slight problem on one flag for
the SACL (so I'm not very nervous with this)
Of course let me know !