2.45 Attribute objectSid
This attribute holds a binary value that specifies the security identifier (SID) of a security principal object. The SID is a unique value used to identify security principal objects. For more information on the SID data type, refer to [MS-DTYP] section 2.4.2. SID usage is also discussed in [MS-ADTS], in particular in section 3.1.1.1.3.
Because this is an attribute of String(SID) syntax, an application writing to this attribute via the LDAP protocol can specify a value for this attribute as a valid SDDL SID string, as specified in [MS-ADTS] section 3.1.1.3.1.2.5. The directory service will convert that value to its binary value equivalent.
cn: Object-Sid
ldapDisplayName: objectSid
attributeId: 1.2.840.113556.1.4.146
attributeSyntax: 2.5.5.17
omSyntax: 4
isSingleValued: TRUE
schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
systemOnly: TRUE
searchFlags: fPRESERVEONDELETE | fATTINDEX
rangeLower: 0
rangeUpper: 28
attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
mapiID: 32807
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
Version-Specific Behavior: First implemented on Windows 2000 Server operating system.
In Windows 2000 Server, the following attributes are defined differently:
systemOnly: FALSE
The schemaFlagsEx attribute was added to this attribute definition in Windows Server 2008 operating system.
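The binary and string forms of a SID described above, as an added example that is not part of the specification: it converts between the [MS-DTYP] section 2.4.2 byte layout and the numeric "S-1-..." string, and enforces the 28-byte rangeUpper from the schema definition (an 8-byte header plus at most five 4-byte sub-authorities). The function names are hypothetical, the sample SID is constructed, and two-letter SDDL aliases are not handled.

```python
import struct

MAX_OBJECTSID_LEN = 28  # rangeUpper in the objectSid schema definition


def sid_to_string(raw: bytes) -> str:
    """Convert a binary SID ([MS-DTYP] 2.4.2 layout) to its S-1-... string."""
    if not 8 <= len(raw) <= MAX_OBJECTSID_LEN:
        raise ValueError("objectSid must be 8..28 bytes")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unexpected SID revision {revision}")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match SubAuthorityCount")
    authority = int.from_bytes(raw[2:8], "big")   # 6 bytes, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit little-endian each
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def string_to_sid(text: str) -> bytes:
    """Convert an S-1-... string to binary; reject values too long for objectSid."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S" or parts[1] != "1":
        raise ValueError("not a revision-1 SID string")
    auth = parts[2]
    # The authority is written in hex (0x...) when it does not fit in 32 bits.
    authority = int(auth, 16) if auth.lower().startswith("0x") else int(auth)
    subs = [int(p) for p in parts[3:]]
    if authority >= 1 << 48 or any(not 0 <= s < 1 << 32 for s in subs):
        raise ValueError("authority or sub-authority out of range")
    raw = (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
           + struct.pack(f"<{len(subs)}I", *subs))
    if len(raw) > MAX_OBJECTSID_LEN:
        raise ValueError("more than 5 sub-authorities exceeds 28 bytes")
    return raw


if __name__ == "__main__":
    # Constructed sample: a domain-style SID with five sub-authorities.
    sample = "S-1-5-21-1004336348-1177238915-682003330-512"
    raw = string_to_sid(sample)
    print(len(raw), raw.hex(), sid_to_string(raw))
```

A value read over LDAP arrives in the binary form, so `sid_to_string` is the direction needed when correlating directory entries with SIDs that appear as strings in logs or ACL dumps.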