summaryrefslogtreecommitdiff
path: root/source4/scripting/bin/upgradeprovision
diff options
context:
space:
mode:
Diffstat (limited to 'source4/scripting/bin/upgradeprovision')
-rwxr-xr-xsource4/scripting/bin/upgradeprovision15
1 files changed, 13 insertions, 2 deletions
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index de0ad5e3e7..68d84a970d 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -813,7 +813,7 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
identic_rename(samdb, reference[0].dn)
current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
scope=SCOPE_SUBTREE,
- controls=["search_options:1:2"])
+ controls=controls)
delta = samdb.msg_diff(current[0], reference[0])
@@ -897,7 +897,18 @@ def update_present(ref_samdb, samdb, basedn, listPresent, usns, invocationid):
if attrUSN is None:
delta.remove(att)
continue
-
+ if att == "nTSecurityDescriptor":
+ cursd = ndr_unpack(security.descriptor,
+ str(current[0]["nTSecurityDescriptor"]))
+ cursddl = cursd.as_sddl(names.domainsid)
+ refsd = ndr_unpack(security.descriptor,
+ str(reference[0]["nTSecurityDescriptor"]))
+ refsddl = cursd.as_sddl(names.domainsid)
+
+ if get_diff_sddls(refsddl, cursddl) == "":
+ message(CHANGE, "sd are identical")
+ else:
+ message(CHANGE, "sd are not identical")
if attrUSN == -1:
# This attribute was last modified by another DC forget
# about it