Share via

2.45 Attribute objectSid

  • Article

This attribute specifies a binary value that specifies the security identifier (SID) of a security principal object. The SID is a unique value used to identify security principal objects. For more information on the SID data type, refer to [MS-DTYP] section 2.4.2. SID usage is also discussed in [MS-ADTS], in particular in section 3.1.1.1.3.

Because this is an attribute of String(SID) syntax, an application writing to this attribute via the LDAP protocol can specify a value for this attribute as a valid SDDL SID string, as specified in [MS-ADTS] section 3.1.1.3.1.2.5. The directory service will convert that value to its binary value equivalent.

 cn: Object-Sid
 ldapDisplayName: objectSid
 attributeId: 1.2.840.113556.1.4.146
 attributeSyntax: 2.5.5.17
 omSyntax: 4
 isSingleValued: TRUE
 schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
 systemOnly: TRUE
 searchFlags: fPRESERVEONDELETE | fATTINDEX
 rangeLower: 0
 rangeUpper: 28
 attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
 mapiID: 32807
 isMemberOfPartialAttributeSet: TRUE
 systemFlags: FLAG_SCHEMA_BASE_OBJECT | 
  FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
 schemaFlagsEx: FLAG_ATTR_IS_CRITICAL

Version-Specific Behavior: First implemented on Windows 2000 Server operating system.

In Windows 2000 Server, the following attributes are defined differently:

 systemOnly: FALSE

The schemaFlagsEx attribute was added to this attribute definition in Windows Server 2008 operating system.