Today I finally arrived at the office after a long time on-site at a customer’s office, and I had some time to read the blog feeds I’m subscribed to.
One of my ‘must read’ blogs is Joe’s blog, and I noticed some new entries there. Among them is one which I found very interesting, and everyone who is still running a domain on Windows 2003 without SP1 (and there are a lot of such installations out there) should also read it.
Joe is referring to Steve Patrick’s blog entry, in which Steve describes a bug in Windows 2003 prior to SP1 that allows setting a TTL (yes, there is such a thing for AD objects) on any object, not only dynamic objects. Dynamic objects in AD are objects for which you can set a TTL value, after which they vanish from the directory. There is a dynamicClass object class in AD for which this was intended, but because of the bug existing prior to SP1, this attribute may be used on any class in your directory.
Imagine … or maybe let’s not imagine what could happen in a directory if somebody used this on some objects. Apply SP1 if you haven’t done it yet. Among the other reasons to do so, this one is important.