3.1.1.1.3 Builtin Domain Principal View
To construct the Builtin Domain Principal View, the following columns from the associated domain database MUST be used:
sAMAccountName
sAMAccountType
objectSID
All objects that satisfy the following criteria MUST be part of this view:
All three columns in the preceding list MUST have values.
The value of the objectSID attribute MUST contain S-1-5-32 as its prefix.
The columns of such objects MUST be used to construct the Builtin Domain Principal View in the following manner:
Domain DNS Name, Additional Security Principal Name, User Principal Name, Default User Principal Names, and Security Principal SID History columns are left empty.
Security Principal SID is mapped from objectSID.
Security Principal Name is mapped from sAMAccountName.
Security Principal Type is mapped from sAMAccountType by using the following table.
| sAMAccountType most significant 4 bits | Security Principal Type |
|---|---|
| 0x3 | SidTypeUser |
| 0x1 | SidTypeGroup |
| 0x4 or 0x2: These values are treated identically by the protocol. | SidTypeAlias |
| Otherwise | SidTypeUnknown |
Domain NetBIOS Name and Domain SID are mapped from the row of the Predefined Translation Database View whose security principal SID is S-1-5-32.
The following is an example of how this view is created:
An object that represents the administrators group.
| Column | Value |
|---|---|
| sAMAccountName | Administrators |
| sAMAccountType | 0x20000000 |
| objectSID | S-1-5-32-544 |
The view created for that object.
| Column | Value |
|---|---|
| Domain DNS Name | |
| Domain NetBIOS Name | Builtin |
| Domain SID | S-1-5-32 |
| Security Principal Name | Administrators |
| Additional Security Principal Name | |
| Default User Principal Names | |
| User Principal Name | |
| Security Principal SID | S-1-5-32-544 |
| Security Principal SID History | |
| Security Principal Type | SidTypeAlias |
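
The construction rules above, as an added Python example that is not part of the specification. The names `build_view`, `principal_type`, `in_builtin_domain` and `PREDEFINED_ROW` are hypothetical, the sample rows are constructed, and the component-wise reading of "prefix" (so that a SID such as S-1-5-321-1000 is excluded) is an assumption.

```python
BUILTIN_SID = "S-1-5-32"
REQUIRED = ("sAMAccountName", "sAMAccountType", "objectSID")
EMPTY = ("Domain DNS Name", "Additional Security Principal Name",
         "User Principal Name", "Default User Principal Names",
         "Security Principal SID History")
TYPE_BY_TOP_NIBBLE = {0x3: "SidTypeUser", 0x1: "SidTypeGroup",
                      0x4: "SidTypeAlias", 0x2: "SidTypeAlias"}
# Constructed stand-in for the Predefined Translation Database View row
# whose security principal SID is S-1-5-32 (values from the page's example).
PREDEFINED_ROW = {"Domain NetBIOS Name": "Builtin", "Domain SID": BUILTIN_SID}


def principal_type(sam_account_type):
    """Map the most significant 4 bits of a 32-bit sAMAccountType."""
    return TYPE_BY_TOP_NIBBLE.get((sam_account_type >> 28) & 0xF, "SidTypeUnknown")


def in_builtin_domain(sid):
    """Compare SID components, not characters (assumed reading of 'prefix')."""
    return sid.split("-")[:4] == BUILTIN_SID.split("-")


def build_view(objects):
    view = []
    for obj in objects:
        if any(obj.get(col) in (None, "") for col in REQUIRED):
            continue  # all three source columns must have values
        if not in_builtin_domain(obj["objectSID"]):
            continue  # objectSID is outside the S-1-5-32 domain
        row = dict.fromkeys(EMPTY, "")  # columns the view leaves empty
        row.update(PREDEFINED_ROW)
        row["Security Principal SID"] = obj["objectSID"]
        row["Security Principal Name"] = obj["sAMAccountName"]
        row["Security Principal Type"] = principal_type(obj["sAMAccountType"])
        view.append(row)
    return view


# Constructed sample rows; only the first is taken from the page's example.
SAMPLE_OBJECTS = [
    {"sAMAccountName": "Administrators", "sAMAccountType": 0x20000000, "objectSID": "S-1-5-32-544"},
    {"sAMAccountName": "lookalike", "sAMAccountType": 0x30000000, "objectSID": "S-1-5-321-1000"},
    {"sAMAccountName": None, "sAMAccountType": 0x20000000, "objectSID": "S-1-5-32-545"},
    {"sAMAccountName": "alice", "sAMAccountType": 0x30000000, "objectSID": "S-1-5-21-1-2-3-1104"},
]

if __name__ == "__main__":
    for row in build_view(SAMPLE_OBJECTS):
        print(row)
```

Only the Administrators row survives the filter; a character-level `startswith("S-1-5-32")` check would also have admitted the constructed S-1-5-321-1000 row.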