[MS-ADTS]: Active Directory Technical Specification

This topic lists Errata found in [MS-ADTS] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

October 16, 2015 - Download

June 30, 2015 - Download

July 18, 2016 - Download

March 20, 2017 - Download

September 15, 2017 - Download

December 1, 2017 - Download

March 16, 2018 - Download

September 12, 2018 - Download

March 13, 2019 - Download

March 4, 2020 - Download

August 24, 2020 - Download

April 7, 2021 - Download

April 29, 2022 - Download

Errata below are for Protocol Document Version V56.0 – 2023/01/20.

Errata Published*

Description

2023/04/24

Section: 6.1.6.7.15 trustType

Description: Specified additional supported operating systems, listed in [MSKB-5026362] and [MSKB-5026370], for the recently added trustType definition TTAAD (TRUST_TYPE_AAD, 0x00000005), for trusted domain: Azure Active Directory.

Changed from:

TTDCE (TRUST_TYPE_DCE, 0x00000004): Historical reference; this value is not used in Windows.

Changed to:

TTDCE (TRUST_TYPE_DCE, 0x00000004): Historical reference; this value is not used in Windows.

TTAAD (TRUST_TYPE_AAD, 0x00000005): The trusted domain is in Azure Active Directory.

Note: This trustType is supported by the operating systems specified in [MSKB-5025305], [MSKB-5025298], [MSKB-5025297], [MSKB-5026362], and [MSKB-5026370], each with its related MSKB article download installed.

2023/04/10

Section: 6.1.6.7.15 trustType

Description: Added new trustType definition TTAAD (TRUST_TYPE_AAD, 0x00000005) for trusted domain Azure Active Directory applications.

Changed from:

TTDCE (TRUST_TYPE_DCE, 0x00000004): Historical reference; this value is not used in Windows.

Changed to:

TTDCE (TRUST_TYPE_DCE, 0x00000004): Historical reference; this value is not used in Windows.

TTAAD (TRUST_TYPE_AAD, 0x00000005): The trusted domain is in Azure Active Directory.

Note: This trustType is supported by the operating systems specified in [MSKB-5025305], [MSKB-5025298], and [MSKB-5025297]; each with its related MSKB article download installed.

2023/02/27

Section 1 Introduction

Description: Mapped the applicability of Windows 10 v21H2 operating system to Windows Server 2022 for the new rootDSE attributes.

Changed from:

Information that is applicable to AD LDS on Windows Server v1903 is also applicable to AD LDS for Windows 10 v1903.

Changed to:

Information that is applicable to AD LDS on Windows Server v1903 is also applicable to AD LDS for Windows 10 v1903.

Information that is applicable to AD LDS on Windows 2022 Server is also applicable to AD LDS for Windows 10 v21H1 client and Windows 10 v21H2 client.

Section 3.1.1.3.2 rootDSE Attributes

Description: Added operating system applicability for Windows Server 2022 AD DS and Windows Server AD LDS to the product applicability list; added 3 new rootDSE attributes to the 'Attribute' table and to the 'Attribute | Operational? | LDAP Syntax' table to assist in user database optimizations. Added note to indicate the supporting operating systems specified in [MSKB-5023705], [MSKB-5023702], [MSKB-5023706], [MSKB-5023698], and [MSKB-5023696].

(Product applicability list)

Changed from:

● N2 --> Windows Server v1903 AD DS

Changed to:

● N2 --> Windows Server v1903 AD LDS

● P2 --> Windows Server 2022 AD DS

● Q2 --> Windows Server 2022 AD LDS

(Attribute table)

Changed from:

msDS-SupportedRootDSEModifications | X | X

Changed to:

msDS-SupportedRootDSEModifications | X | X

msDS-DiskUsage **** | X | X

msDS-DatabaseIndices **** | X | X

msDS-DatabaseIndicesWithSize **** | X | X

**** The rootDSE attributes msDS-DiskUsage, msDS-DatabaseIndices, and msDS-DatabaseIndicesWithSize are supported by the operating systems specified in [MSKB-5023705], [MSKB-5023702], [MSKB-5023706], [MSKB-5023698], and [MSKB-5023696]; each with its related KB article download installed.

(Attribute | Operational? | LDAP Syntax table)

Changed from:

msDS-SupportedRootDSEModifications | Y | String(Unicode)

Changed to:

msDS-SupportedRootDSEModifications | Y | String(Unicode)

msDS-DiskUsage | Y | String(Unicode)

msDS-DatabaseIndices | Y | String(Unicode)

msDS-DatabaseIndicesWithSize | Y | String(Unicode)

(New sections)

Section 3.1.1.3.2.57   msDS-DiskUsage

Description: Created new section to describe the disk usage and database table indices data carried by this rootDSE attribute; includes error handling and return value formatting of the instance. Added note to specify the operating systems that support the new rootDSE attributes.

Note The rootDSE attributes msDS-DiskUsage, msDS-DatabaseIndices, and msDS-DatabaseIndicesWithSize are supported by the operating systems specified in [MSKB-5023705], [MSKB-5023702], [MSKB-5023706], [MSKB-5023698], and [MSKB-5023696]; each with its related KB article download installed.

Section 3.1.1.3.2.58 msDS-DatabaseIndices

Description: Created new section to describe the database table indices data carried by this rootDSE attribute; includes error handling and return value format of the instance.

Section 3.1.1.3.2.59   msDS-DatabaseIndicesWithSize

Description: Created new section to describe the database table indices and size data carried by this rootDSE attribute; includes error handling and return format of the instance.

2022/01/18

Section 3.1.1.3.4.6 LDAP Policies

Description: Added a new LDAP policy for SecurityDescriptorWarningSize to control when warning events will be logged for originating writes to the ntSecurityDescriptor attribute that meet or exceed a configured size value.

Changed from:

The table contains information for the following products. See section 3 for more information.

....

Policy name | A | D, DR2, G, J | M | R | U | X, A2, D2, G2, J2

MaxActiveQueries | X*

InitRecvTimeout | X | X | X | X | X | X

….

* Support for this policy was removed in Windows Server 2003.

Changed to:

The table contains information for the following products. See section 3 for more information.

….

Policy name | A | D, DR2, G, J | M | R | U | X, A2, D2, G2, J2

MaxActiveQueries | X*

InitRecvTimeout | X | X | X | X | X | X

….

SecurityDescriptorWarningSize**

* Support for this policy was removed in Windows Server 2003.

** Support for this policy only exists on Windows 11 v22H2 and later.

Changed from:

Policy name | Default value | Description

….

MaxDirSyncDuration | 60 | The maximum time, in seconds, that a DC will spend on a single search when using the LDAP_SERVER_DIRSYNC_OID or LDAP_SERVER_DIRSYNC_EX_OID controls. When this limit is reached, the DC returns a timeLimitExceeded / ERROR_INVALID_PARAMETER error.

Changed to:

Policy name | Default value | Description

….

MaxDirSyncDuration | 60 | The maximum time, in seconds, that a DC will spend on a single search when using the LDAP_SERVER_DIRSYNC_OID or LDAP_SERVER_DIRSYNC_EX_OID controls. When this limit is reached, the DC returns a timeLimitExceeded / ERROR_INVALID_PARAMETER error.

SecurityDescriptorWarningSize | 61,440 | This policy controls when warning events will be logged for originating writes to the ntSecurityDescriptor attribute that meet or exceed the configured size value.

*Date format: YYYY/MM/DD