identic_rename(samdb, reference[0].dn)
current = samdb.search(expression="dn=%s" % (str(dn)), base=basedn,
scope=SCOPE_SUBTREE,
- controls=["search_options:1:2"])
+ controls=controls)
delta = samdb.msg_diff(current[0], reference[0])
if attrUSN is None:
delta.remove(att)
continue
-
+ if att == "nTSecurityDescriptor":
+ cursd = ndr_unpack(security.descriptor,
+ str(current[0]["nTSecurityDescriptor"]))
+ cursddl = cursd.as_sddl(names.domainsid)
+ refsd = ndr_unpack(security.descriptor,
+ str(reference[0]["nTSecurityDescriptor"]))
+ refsddl = cursd.as_sddl(names.domainsid)
+
+ if get_diff_sddls(refsddl, cursddl) == "":
+ message(CHANGE, "sd are identical")
+ else:
+ message(CHANGE, "sd are not identical")
if attrUSN == -1:
# This attribute was last modified by another DC forget
# about it