6.1.1.4.12 Builtin Container

In AD DS, each domain NC contains this container. Its children are described later in this section. This container is not present in AD LDS.

name: Builtin

parent: domain NC root

objectClass: builtinDomain

systemFlags: {FLAG_DISALLOW_DELETE | FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE}

The children of the Builtin container are well-known security principals from the built-in domain.

Each child of the Builtin container is a group with the following attributes:

parent: Builtin container

objectClass: group

objectSid: The domain portion is the built-in domain SID (S-1-5-32). The RID portion is specified per object in the following subsections. For instance, the Account Operators RID is 548, so the Account Operators objectSid is S-1-5-32-548.

systemFlags: {FLAG_DISALLOW_DELETE | FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE}

groupType: {GROUP_TYPE_BUILTIN_LOCAL_GROUP | GROUP_TYPE_RESOURCE_GROUP | GROUP_TYPE_SECURITY_ENABLED}

Unless otherwise noted in the following subsections, the initial membership of each group is empty. After initialization, the administrator controls the membership of each group.
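The following Python check is an added example, not part of the specification text. It decodes a binary objectSid and compares a group's objectSid, groupType and systemFlags against the values this section specifies for children of the Builtin container. The numeric flag values are taken from the flag definitions elsewhere in [MS-ADTS] (this page gives only the names), and the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Numeric values from the [MS-ADTS] flag definitions; this page lists only the names.
FLAG_DISALLOW_DELETE = 0x80000000
FLAG_DOMAIN_DISALLOW_RENAME = 0x08000000
FLAG_DOMAIN_DISALLOW_MOVE = 0x04000000
GROUP_TYPE_BUILTIN_LOCAL_GROUP = 0x00000001
GROUP_TYPE_RESOURCE_GROUP = 0x00000004
GROUP_TYPE_SECURITY_ENABLED = 0x80000000

EXPECTED_SYSTEM_FLAGS = (FLAG_DISALLOW_DELETE | FLAG_DOMAIN_DISALLOW_RENAME
                         | FLAG_DOMAIN_DISALLOW_MOVE)
EXPECTED_GROUP_TYPE = (GROUP_TYPE_BUILTIN_LOCAL_GROUP | GROUP_TYPE_RESOURCE_GROUP
                       | GROUP_TYPE_SECURITY_ENABLED)


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (as returned in objectSid) to S-R-A-S1-S2... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match SubAuthorityCount")
    authority = int.from_bytes(raw[2:8], "big")      # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def check_builtin_child(object_sid: bytes, group_type: int, system_flags: int) -> list:
    """Return deviations from the attributes this section gives for Builtin children."""
    problems = []
    sid = sid_to_string(object_sid)
    parts = sid.split("-")
    # Domain portion must be the built-in domain SID S-1-5-32, then exactly one RID.
    if parts[:4] != ["S", "1", "5", "32"] or len(parts) != 5:
        problems.append("objectSid %s is not S-1-5-32-<RID>" % sid)
    # LDAP returns these attributes as signed 32-bit integers; mask before comparing.
    if group_type & 0xFFFFFFFF != EXPECTED_GROUP_TYPE:
        problems.append("groupType 0x%08X unexpected" % (group_type & 0xFFFFFFFF))
    if system_flags & 0xFFFFFFFF != EXPECTED_SYSTEM_FLAGS:
        problems.append("systemFlags 0x%08X unexpected" % (system_flags & 0xFFFFFFFF))
    return problems


# Constructed sample: binary form of the Account Operators SID (RID 548).
ACCOUNT_OPERATORS_SID = bytes.fromhex("01020000000000052000000024020000")
```

An empty list from `check_builtin_child` means the entry matches this section; each string in a non-empty list names one attribute that differs.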