In this blog post, we want to address two scenarios customers have asked us about the Active Directory schema vulnerability detailed in our July 2021 security update announcement.
Note: This blog p...
Published Aug 05, 2021
Version 1.0
Blog Post
2 MIN READ
How to update AD schema to address CVE-2021-34470 if Exchange is very old or no longer installed
Hi,
Ran the script and it indeed found and fixed this vulnerability within our AD schema (we got rid of Exchange years ago). After running repadmin /showreps /verbose I get the following error. Any thoughts on this one? Will this self correct after some time? Thanks
CN=Schema,CN=Configuration,DC=our-domain,DC=com
Default-First-Site-Name\SVRDC19 via RPC
DSA object GUID: 542dfa59-2fed-4cb0-8108-fd1466060fa8
Address: 542dfa59-2fed-4cb0-8108-fd1466060fa8._msdcs.our-domain.com
DSA invocationID: dd5caf24-c7f2-4918-9371-6444ec14a7a8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 11511636/OU, 11511636/PU
Last attempt @ 2021-08-06 15:08:17 was delayed for a normal reason, result 8542 (0x215e):
Schema information could not be included in the replication request.
Last success @ 2021-08-06 14:52:08.