diff --git a/source4/dsdb/gmsa/util.c b/source4/dsdb/gmsa/util.c index ef67f6c162f..4397219eb78 100644 --- a/source4/dsdb/gmsa/util.c +++ b/source4/dsdb/gmsa/util.c @@ -1108,6 +1108,15 @@ static bool samdb_result_gkdi_rollover_interval(const struct ldb_message *msg, rollover_interval_out); } +/* + * Recalculate the managed password of an account. The account referred to by + * ‘msg’ should be a Group Managed Service Account. + * + * Updated passwords are returned in ‘update_out’. + * + * Pass in a non‐NULL pointer for ‘return_out’ if you want the passwords as + * reflected by the msDS-ManagedPassword operational attribute. + */ int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_message *msg, @@ -1143,20 +1152,6 @@ int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx, } *update_out = NULL; - { - /* Is the account a Group Managed Service Account? */ - const bool is_gmsa = dsdb_account_is_gmsa(ldb, msg); - if (!is_gmsa) { - /* It’s not a GMSA — we’re done here. */ - *update_out = NULL; - if (return_out != NULL) { - *return_out = (struct gmsa_return_pwd){}; - } - ret = LDB_SUCCESS; - goto out; - } - } - /* Calculate the rollover interval. */ ok = samdb_result_gkdi_rollover_interval(msg, &rollover_interval); if (!ok || rollover_interval == 0) { diff --git a/source4/dsdb/gmsa/util.h b/source4/dsdb/gmsa/util.h index ef14b423f3b..371bdf2c594 100644 --- a/source4/dsdb/gmsa/util.h +++ b/source4/dsdb/gmsa/util.h @@ -99,6 +99,15 @@ struct gmsa_return_pwd { NTTIME unchanged_interval; }; +/* + * Recalculate the managed password of an account. The account referred to by + * ‘msg’ should be a Group Managed Service Account. + * + * Updated passwords are returned in ‘update_out’. + * + * Pass in a non‐NULL pointer for ‘return_out’ if you want the passwords as + * reflected by the msDS-ManagedPassword operational attribute. + */ int gmsa_recalculate_managed_pwd(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_message *msg,