Forest-Wide Updates
You can review the following set of changes to help understand and prepare for the schema updates that are performed when running adprep /forestprep
on Windows Server.
Beginning in Windows Server 2012, Adprep commands run automatically as needed during AD DS installation. They can also be run separately in advance of AD DS installation. For more information, see Running Adprep.exe.
Important
Forest-wide schema updates are performed cumulatively by adprep
. For example, operations 131 - 135 are performed before operations 136 - 142.
For more information about how to interpret the access control entry (ACE) strings, see ACE strings. For more information about how to interpret the security ID (SID) strings, see SID strings.
Windows Server 2016: Forest-wide updates
After the operations are performed by the /forestprep
switch in Windows Server 2016 (operations 136-142) are complete, the revision attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to 16.
Operation number and GUID | Description | Attributes | Permissions |
---|---|---|---|
Operation 136: {328092FB-16E7-4453-9AB8-7592DB56E9C4} | Granting the CN=Send-As,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 137: {3A1C887F-DF0A-489F-B3F2-2D0409095F6E} | Granting the CN=Receive-As,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 138: {232E831F-F988-4444-8E3E-8A352E2FD411} | Granting the CN=Personal-Information,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 139: {DDDDCF0C-BEC9-4A5A-AE86-3CFE6CC6E110} | Granting the CN=Public-Information,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 140: {A0A45AAC-5550-42DF-BB6A-3CC5C46B52F2} | Granting the CN=Validated-SPN,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 141: {3E7645F3-3EA5-4567-B35A-87630449C70C} | Granting the CN=Allowed-To-Authenticate,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Operation 142: {E634067B-E2C4-4D79-B6E8-73C619324D5E} | Granting the CN=MS-TS-GatewayAccess,CN=Extended-Rights to gMSA accounts. |
N/A | N/A |
Windows Server 2012 R2: Forest-wide updates
After the operations are performed by the /forestprep
switch in Windows Server 2012 R2 (operations 131-135) are complete, the revision attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to 15.
Operation number and GUID | Description | Attributes | Permissions |
---|---|---|---|
Operation 131: {b83818c1-01a6-4f39-91b7-a3bb581c3ae3} | Created a new authentication policy configuration container object CN=AuthN Policy Configuration,CN=Services in the Configuration partition. |
- objectClass: container - displayName: Authentication Policy Configuration - description: Contains configuration for authentication policy. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 132: {bbbb9db0-4009-4368-8c40-6674e980d3c3} | Created a new authentication policies object CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-AuthNPolicies - displayName: Authentication Policies - description: Contains authentication policy objects. - showInAdvancedViewOnly: True |
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
Operation 133: {f754861c-3692-4a7b-b2c2-d0fa28ed0b0b} | Created a new authentication policy silos object CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-AuthNPolicySilos - displayName: Authentication Policy Silos - description: Contains authentication policy silo objects. - showInAdvancedViewOnly: True |
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
Operation 134: {d32f499f-3026-4af0-a5bd-13fe5a331bd2} | Created a new authentication silo claim type object CN=ad://ext/AuthenticationSilo,CN=Claim Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ClaimType - displayname: AuthenticationSilo - name: ad://ext/AuthenticationSilo - Enabled: True - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-ClaimSourceType: Constructed - msDS-ClaimValueType: 3 - msDS-ClaimTypeAppliesToClass: CN=User,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=Computer,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Managed-Service-Account,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,%ws |
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
Operation 135: {38618886-98ee-4e42-8cf1-d9a2cd9edf8b} | Set the msDS-ClaimIsValueSpaceRestricted attribute on new authentication silo claim type to false |
- msDS-ClaimIsValueSpaceRestricted: False |
N/A |
Windows Server 2012: Forest-wide updates
After the operations are performed by the /forestprep
switch in Windows Server 2012 (operations 84-130) are complete, the revision attribute for the CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain object is set to 11.
Operation number and GUID | Description | Attributes | Permissions |
---|---|---|---|
Operation 84: {4664e973-cb20-4def-b3d5-559d6fe123e0} | Created a new container CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: container |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 85: {2972d92d-a07a-44ac-9cb0-bf243356f345} | Created a new object CN=Claim Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ClaimTypes - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 86: {09a49cb3-6c54-4b83-ab20-8370838ba149} | Created a new object CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperties - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 87: {77283e65-ce02-4dc3-8c1e-bf99b22527c2} | Created a new container CN=Resource Property Lists,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 88: {0afb7f53-96bd-404b-a659-89e65c269420} | Created a new object CN=Sam-Domain in the Schema partition. |
N/A | Created the following access control entry (ACE) to grant Write Property to Principal Self on the object:
|
Operation 89: {c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa} | Created a new object CN=Domain-DNS in the Schema partition. |
N/A | Created the following access control entry (ACE) to grant Write Property to Principal Self on the object:
|
Operation 90: {00232167-f3a4-43c6-b503-9acb7a81b01c} | Call back function to upgrade display specifiers. | N/A | N/A |
Operation 91: {73a9515b-511c-44d2-822b-444a33d3bd33} | Created a new container CN=Microsoft SPP,CN=Services in the Configuration partition. |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 92: {e0c60003-2ed7-4fd3-8659-7655a7e79397} | Created a new Activation Objects container CN=Activation Objects,CN=Microsoft SPP,CN=Services in the Configuration partition. |
- objectClass: msSPP-ActivationObjectsContainer - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 93: {ed0c8cca-80ab-4b6b-ac5a-59b1d317e11f} | Created a new Central Access Policies container CN=Central Access Policies,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msAuthz-CentralAccessPolicies - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 94: {b6a6c19a-afc9-476b-8994-61f5b14b3f05} | Created a new Central Access Policy Entries container CN=Central Access Rules,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msAuthz-CentralAccessRules - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 95: {defc28cd-6cb6-4479-8bcb-aabfb41e9713} | Created a new Group Key Distribution service container CN=Group Key Distribution Service,CN=Services in the Configuration partition. |
- objectClass: container - description: The container contains configuration and data for Group Key Distribution Service. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 96: {d6bd96d4-e66b-4a38-9c6b-e976ff58c56d} | Created a new Master Root Keys container CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services in the Configuration partition. |
- objectClass: container - description: The container contains master root keys for Group Key Distribution Service. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU )(A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 97: {bb8efc40-3090-4fa2-8a3f-7cd1d380e695} | Created a new Server Configuration container CN=Server Configuration,CN=Group Key Distribution Service,CN=Services in the Configuration partition. |
- objectClass: container - description: The container contains Group Key Distribution Service configurations. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 98: {2d6abe1b-4326-489e-920c-76d5337d2dc5} | Created a new Empty server configuration objects container CN=Group Key Distribution Service Server Configuration,CN=Server Configuration,CN=Group Key Distribution Service,CN=Services in the Configuration partition. |
- objectClass: msKds-ProvServerConfiguration - description: The configuration of cryptography algorithms used by Group Key Distribution Service. - msKds-Version: 1 - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 99: {6b13dfb5-cecc-4fb8-b28d-0505cea24175} | Created a new Claims Transformation Policies configuration container CN=Claims Transformation Policies,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ClaimsTransformationPolicies - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 100: {92e73422-c68b-46c9-b0d5-b55f9c741410} | Created a new Value Types configuration container CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 101: {c0ad80b4-8e84-4cc4-9163-2f84649bcc42} | Created a new SinglevaluedChoice value type configuration object CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author a resource property. When assigning value to a resource property of this value type, a user can choose only one entry from a list of suggested values. - displayname: Single-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 102: {992fe1d0-6591-4f24-a163-c820fcb7f308} | Created a new YesNo value type configuration object CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: The valid values for this type are Yes or No. - displayname: Yes/No - msDS-ClaimValueType: 6 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 103: {ede85f96-7061-47bf-b11b-0c0d999595b5} | Created a new Number value type configuration object CN=MS-DS-Number,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single number. - displayname: Number - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 104: {ee0f3271-eb51-414a-bdac-8f9ba6397a39} | Created a new DateTime value type configuration object CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that are of the date and time format. - displayname: Date Time - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 105: {587d52e0-507e-440e-9d67-e6129f33bb68} | Created a new OrderedList value type configuration object CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single choice entry that can be compared to other resource properties of the same type. A user typically chooses the entry from a list of ordered suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Ordered List - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 106: {ce24f0f6-237e-43d6-ac04-1e918ab04aac} | Created a new Text value type configuration object CN=MS-DS-Text,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single text entry. - displayname: Text - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 107: {7f77d431-dd6a-434f-ae4d-ce82928e498f} | Created a new MultivaluedText value type configuration object CN=MS-DS-MultivaluedText,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple text entries. - displayname: Multi-valued Text<br />- msDS-ClaimValueType: 3<br />- msDS-ClaimIsValueSpaceRestricted: False<br />- msDS-ClaimIsSingleValued: False<br />- msDS-IsPossibleValuesPresent: False<br />- showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 108: {ba14e1f6-7cd1-4739-804f-57d0ea74edf4} | Created a new MultivaluedChoice value type configuration object CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple entries that can't be compared. A user typically chooses each entry from a list of suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Multi-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: False - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 109: {156ffa2a-e07c-46fb-a5c4-fbd84a4e5cce} | Created a new Personally Identifiable Information resource property object CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Personally Identifiable Information (PII) property specifies whether the resource contains PII and if it does, what the sensitivity level of that information is. - displayname: Personally Identifiable Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 110: {7771d7dd-2231-4470-aa74-84a6f56fc3b6} | Created a new Protected Health Information resource property object CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Protected Health Information (PHI) property specifies whether the resource contains any data related to an individual's medical record or medical payment history. - displayname: Protected Health Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 111: {49b2ae86-839a-4ea0-81fe-9171c1b98e83} | Created a new Required Clearance resource property object CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Required Clearance property specifies the level of clearance a user should possess before attempting to access the resource. - displayname: Required Clearance - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 112: {1b1de989-57ec-4e96-b933-8279a8119da4} | Created a new Confidentiality resource property object CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Confidentiality property specifies the level of confidentiality of the resource, and the potential impact of inadvertent access or disclosure. - displayname: Confidentiality - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 113: {281c63f0-2c9a-4cce-9256-a238c23c0db9} | Created a new Compliancy resource property object CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Compliancy property specifies the compliance frameworks that apply to the resource. - displayname: Compliancy - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 114: {4c47881a-f15a-4f6c-9f49-2742f7a11f4b} | Created a new Discoverability resource property object CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Discoverability property specifies whether the resource contains potential evidence that might require disclosure to opposing legal counsel during the course of current or future litigation. - displayname: Discoverability - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 115: {2aea2dc6-d1d3-4f0c-9994-66c1da21de0f} | Created a new Immutable resource property object CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Immutable property specifies whether a user should be allowed to delete a resource or change its contents. - displayname: Immutable - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 116: {ae78240c-43b9-499e-ae65-2b6e0f0e202a} | Created a new Intellectual Property resource property object CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Intellectual Property (IP) property specifies whether the resource contains IP, and if so, what kind. - displayname: Intellectual Property - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 117: {261b5bba-3438-4d5c-a3e9-7b871e5f57f0} | Created a new Department resource property object CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Department property specifies the name of the department to which the resource belongs. - displayname: Department - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 118: {3fb79c05-8ea1-438c-8c7a-81f213aa61c2} | Created a new Impact resource property object CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Impact property specifies the degree of organizational impact from inappropriate access or loss of the resource. - displayname: Impact - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain - msDS-ClaimPossibleValues: High - High business impact (HBI) - 3000, Moderate - Medium business impact (MBI) - 2000, Low - Low business impact (LBI) - 1000> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 119: {0b2be39a-d463-4c23-8290-32186759d3b1} | Created a new Personal Use resource property object CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Personal Use property specifies whether the file is for personal use (not business related). - displayname: Personal Use - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 120: {f0842b44-bc03-46a1-a860-006e8527fccd} | Created a new Project resource property object CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Project property specifies the names of one or more projects that are relevant to the resource. - displayname: Project - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 121: {93efec15-4dd9-4850-bc86-a1f2c8e2ebb9} | Created a new Retention Period resource property object CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Retention Period property specifies the maximum period for which the file should be retained. - displayname: Retention Period - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 122: {9e108d96-672f-40f0-b6bd-69ee1f0b7ac4} | Created a new Retention Start Date resource property object CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Retention Start Date property defines the starting date for a Retention Period. The retention period would begin on the Retention Start Date. - displayname: Retention Start Date - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-ValueTypeReference: CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 123: {1e269508-f862-4c4a-b01f-420d26c4ff8c} | Created a new Company resource property object CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Company property specifies which company the resource belongs to. - displayname: Company - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 125: {e1ab17ed-5efb-4691-ad2d-0424592c5755} Note: Operation 124 was deleted. | Created a new Folder Usage resource property object CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourceProperty - description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. - displayname: Folder Usage - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-AppliestoResourceTypes: MS-DS-Container - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 126: {0e848bd4-7c70-48f2-b8fc-00fbaa82e360} | Created a new Global Resource Property List configuration object CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services in the Configuration partition. |
- objectClass: msDS-ResourcePropertyList - description: This is a global out of box resource property list that contains all resource properties that can be consumed by applications. - showInAdvancedViewOnly: True - msDS-MembersOfResourcePropertyList: CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
Operation 127: {016f23f7-077d-41fa-a356-de7cfdb01797} | Call back function to upgrade display specifiers. | N/A | N/A |
Operation 128: {49c140db-2de3-44c2-a99a-bab2e6d2ba81} | Updated strings for Folder Usage resource property object CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services in the Configuration partition. |
- description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. |
N/A |
Operation 129: {e0b11c80-62c5-47f7-ad0d-3734a71b8312} | Added ACE to grant Principal Self Write Property and Read Property on CN=Sam-Domain object. |
N/A | (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS) |
Operation 130: {2ada1a2d-b02f-4731-b4fe-59f955e24f71} | Added ACE to grant Principal Self Write Property and Read Property on CN=Domain-DNS object. |
N/A | (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS) |