Muokkaa

Jaa


Domain-DNS class

Windows NT domain with DNS-based (DC=) naming.

Entry Value
CN Domain-DNS
Ldap-Display-Name domainDNS
Update Privilege -
Update Frequency -
Schema-Id-Guid 19195a5b-6da0-11d0-afd3-00c04fd930c9

Implementations

Windows 2000 Server

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)S:(AU;CISAFA;WDWOSDDTWPCRCCDCSW;;;WD)
System-Flags 0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Machine-Account-Quota False Sam-Domain
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica

Windows Server 2003

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
System-Flags 0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
MS-DS-All-Users-Trust-Quota False Sam-Domain
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False Domain-DNS
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Logon-Time-Sync-Interval False Sam-Domain
MS-DS-Machine-Account-Quota False Sam-Domain
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
MS-DS-Per-User-Trust-Quota False Sam-Domain
MS-DS-Per-User-Trust-Tombstones-Quota False Sam-Domain
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica
Generate-RSoP-Planning
Generate-RSoP-Logging
Create-Inbound-Forest-Trust
DS-Replication-Get-Changes-All
Migrate-SID-History
Reanimate-Tombstones
DS-Replication-Monitor-Topology
Update-Password-Not-Required-Bit
Unexpire-Password
Enable-Per-User-Reversibly-Encrypted-Password

Windows Server 2003 Property Sets

This class contains the following property sets for Windows Server 2003:

Common Name
Domain-Password
Domain-Other-Parameters

ADAM

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:S:
System-Flags 0x00000010

ADAM Attributes

This class contains the following attributes for ADAM:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Domain-Component True Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
From-Entry False Top
FSMO-Role-Owner False Top
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Last-Known-Parent False Top
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False Domain-DNS
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Disable-For-Instances-BL False Top
ms-DS-Mastered-By False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Service-Account-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

ADAM Extended Rights

This class contains the following extended rights for ADAM:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
DS-Install-Replica
DS-Replication-Get-Changes-All
Reanimate-Tombstones

Windows Server 2003 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
System-Flags 0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
MS-DS-All-Users-Trust-Quota False Sam-Domain
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False Domain-DNS
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Logon-Time-Sync-Interval False Sam-Domain
MS-DS-Machine-Account-Quota False Sam-Domain
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
MS-DS-Per-User-Trust-Quota False Sam-Domain
MS-DS-Per-User-Trust-Tombstones-Quota False Sam-Domain
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica
Generate-RSoP-Planning
Generate-RSoP-Logging
Create-Inbound-Forest-Trust
DS-Replication-Get-Changes-All
Migrate-SID-History
Reanimate-Tombstones
DS-Replication-Monitor-Topology
Update-Password-Not-Required-Bit
Unexpire-Password
Enable-Per-User-Reversibly-Encrypted-Password

Windows Server 2003 R2 Property Sets

This class contains the following property sets for Windows Server 2003 R2:

Common Name
Domain-Password
Domain-Other-Parameters

Windows Server 2008

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
System-Flags 0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
MS-DS-All-Users-Trust-Quota False Sam-Domain
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False Domain-DNS
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Logon-Time-Sync-Interval False Sam-Domain
MS-DS-Machine-Account-Quota False Sam-Domain
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
MS-DS-Per-User-Trust-Quota False Sam-Domain
MS-DS-Per-User-Trust-Tombstones-Quota False Sam-Domain
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica
Generate-RSoP-Planning
Generate-RSoP-Logging
Create-Inbound-Forest-Trust
DS-Replication-Get-Changes-All
Migrate-SID-History
Reanimate-Tombstones
DS-Replication-Monitor-Topology
Update-Password-Not-Required-Bit
Unexpire-Password
Enable-Per-User-Reversibly-Encrypted-Password
Read-Only-Replication-Secret-Synchronization
DS-Replication-Get-Changes-In-Filtered-Set

Windows Server 2008 Property Sets

This class contains the following property sets for Windows Server 2008:

Common Name
Domain-Password
Domain-Other-Parameters

Windows Server 2008 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
System-Flags 0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
MS-DS-All-Users-Trust-Quota False Sam-Domain
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False Domain-DNS
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature False Domain-DNS
ms-DS-Enabled-Feature-BL False Top
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Logon-Time-Sync-Interval False Sam-Domain
MS-DS-Machine-Account-Quota False Sam-Domain
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
MS-DS-Per-User-Trust-Quota False Sam-Domain
MS-DS-Per-User-Trust-Tombstones-Quota False Sam-Domain
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-USN-Last-Sync-Success False Domain-DNS
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica
Generate-RSoP-Planning
Generate-RSoP-Logging
Create-Inbound-Forest-Trust
DS-Replication-Get-Changes-All
Migrate-SID-History
Reanimate-Tombstones
DS-Replication-Monitor-Topology
Update-Password-Not-Required-Bit
Unexpire-Password
Enable-Per-User-Reversibly-Encrypted-Password
Read-Only-Replication-Secret-Synchronization
DS-Replication-Get-Changes-In-Filtered-Set
Run-Protect-Admin-Groups-Task

Windows Server 2008 R2 Property Sets

This class contains the following property sets for Windows Server 2008 R2:

Common Name
Domain-Password
Domain-Other-Parameters

Windows Server 2012

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.67
Default-Hiding-Value 0
Rdn-Att-Id Domain-Component
Subclass of Domain
Possible Superiors Domain-DNS
Auxiliary Classes Sam-Domain (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(OA;;CR;3e0f7e18-2c7a-4c10-ba82-4d926db99a3e;;CN)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Auditing-Policy False Sam-Domain
Bridgehead-Server-List-BL False Top
Builtin-Creation-Time False Sam-Domain
Builtin-Modified-Count False Sam-Domain
CA-Certificate False Sam-Domain
Canonical-Name False Top
Common-Name False Top
Control-Access-Rights False Sam-Domain
Create-Time-Stamp False Top
Creation-Time False Sam-Domain
Default-Local-Policy-Object False Sam-Domain
Description False Top
Sam-Domain
Desktop-Profile False Sam-Domain
Display-Name False Top
Display-Name-Printable False Top
Domain-Component True Domain
Domain-Policy-Object False Sam-Domain
DSA-Signature False Top
DS-Core-Propagation-Data False Top
EFSPolicy False Sam-Domain
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Sam-Domain
GP-Options False Sam-Domain
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Known-Parent False Top
Lockout-Duration False Sam-Domain
Lock-Out-Observation-Window False Sam-Domain
Lockout-Threshold False Sam-Domain
LSA-Creation-Time False Sam-Domain
LSA-Modified-Count False Sam-Domain
Managed-By False Domain-DNS
Managed-Objects False Top
Mastered-By False Top
Max-Pwd-Age False Sam-Domain
Min-Pwd-Age False Sam-Domain
Min-Pwd-Length False Sam-Domain
Modified-Count-At-Last-Prom False Sam-Domain
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Allowed-DNS-Suffixes False Domain-DNS
MS-DS-All-Users-Trust-Quota False Sam-Domain
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False Domain-DNS
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature False Domain-DNS
ms-DS-Enabled-Feature-BL False Top
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Logon-Time-Sync-Interval False Sam-Domain
MS-DS-Machine-Account-Quota False Sam-Domain
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
MS-DS-Per-User-Trust-Quota False Sam-Domain
MS-DS-Per-User-Trust-Tombstones-Quota False Sam-Domain
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-USN-Last-Sync-Success False Domain-DNS
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
NETBIOS-Name False Sam-Domain
netboot-SCP-BL False Top
Next-Rid False Sam-Domain
Non-Security-Member-BL False Top
NT-Mixed-Domain False Sam-Domain
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Pek-Key-Change-Interval False Sam-Domain
Pek-List False Sam-Domain
Possible-Inferiors False Top
Private-Key False Sam-Domain
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-History-Length False Sam-Domain
Pwd-Properties False Sam-Domain
Query-Policy-BL False Top
RDN False Top
Replica-Source False Sam-Domain
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
RID-Manager-Reference False Sam-Domain
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Tree-Name False Sam-Domain
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Common Name
DS-Replication-Get-Changes
DS-Replication-Synchronize
DS-Replication-Manage-Topology
Change-PDC
Add-GUID
DS-Install-Replica
Generate-RSoP-Planning
Generate-RSoP-Logging
Create-Inbound-Forest-Trust
DS-Replication-Get-Changes-All
Migrate-SID-History
Reanimate-Tombstones
DS-Replication-Monitor-Topology
Update-Password-Not-Required-Bit
Unexpire-Password
Enable-Per-User-Reversibly-Encrypted-Password
Read-Only-Replication-Secret-Synchronization
DS-Replication-Get-Changes-In-Filtered-Set
Run-Protect-Admin-Groups-Task
DS-Clone-Domain-Controller

Windows Server 2012 Property Sets

This class contains the following property sets for Windows Server 2012:

Common Name
Domain-Password
Domain-Other-Parameters