林范围更新

可以查看下面的一组更改,以便了解和准备在 Windows Server 上运行 adprep /forestprep 时执行的架构更新。

从 Windows Server 2012 开始,Adprep 命令会在 AD DS 安装期间按需自动运行。 也可以在安装 AD DS 之前单独运行这些命令。 有关详细信息,请参阅运行 Adprep.exe

重要

林范围的架构更新由 adprep 累积执行。 例如,操作 131 - 135 在操作 136 - 142 之前执行。

有关如何解释访问控制条目 (ACE) 字符串的详细信息,请参阅 ACE 字符串。 有关如何解释安全 ID (SID) 字符串的详细信息,请参阅 SID 字符串

Windows Server 2016:林范围的更新

Windows Server 2016 中 /forestprep 开关执行的操作(操作 136-142)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 16。

操作编号和 GUID 说明 属性 权限
操作 136:{328092FB-16E7-4453-9AB8-7592DB56E9C4} CN=Send-As,CN=Extended-Rights 授予 gMSA 帐户。 空值 空值
操作 137:{3A1C887F-DF0A-489F-B3F2-2D0409095F6E} CN=Receive-As,CN=Extended-Rights 授予 gMSA 帐户。 空值 空值
操作 138:{232E831F-F988-4444-8E3E-8A352E2FD411} CN=Personal-Information,CN=Extended-Rights 授予 gMSA 帐户。 空值 不适用
操作 139:{DDDDCF0C-BEC9-4A5A-AE86-3CFE6CC6E110} CN=Public-Information,CN=Extended-Rights 授予 gMSA 帐户。 空值 不适用
操作 140:{A0A45AAC-5550-42DF-BB6A-3CC5C46B52F2} CN=Validated-SPN,CN=Extended-Rights 授予 gMSA 帐户。 空值 不适用
操作 141:{3E7645F3-3EA5-4567-B35A-87630449C70C} CN=Allowed-To-Authenticate,CN=Extended-Rights 授予 gMSA 帐户。 空值 不适用
操作 142:{E634067B-E2C4-4D79-B6E8-73C619324D5E} CN=MS-TS-GatewayAccess,CN=Extended-Rights 授予 gMSA 帐户。 空值 不适用

Windows Server 2012 R2:林范围的更新

Windows Server 2012 R2 中 /forestprep 开关执行的操作(操作 131-135)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 15。

操作编号和 GUID 说明 属性 权限
操作 131:{b83818c1-01a6-4f39-91b7-a3bb581c3ae3} 在配置分区中创建了新的身份验证策略配置容器对象 CN=AuthN Policy Configuration,CN=Services - objectClass: container
- displayName: Authentication Policy Configuration
- description: Contains configuration for authentication policy.
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 132:{bbbb9db0-4009-4368-8c40-6674e980d3c3} 在配置分区中创建了新的身份验证策略对象 CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services - objectClass: msDS-AuthNPolicies
- displayName: Authentication Policies
- description: Contains authentication policy objects.
- showInAdvancedViewOnly: True
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
(A;;RPLCLORC;;;AU)
操作 133:{f754861c-3692-4a7b-b2c2-d0fa28ed0b0b} 在配置分区中创建了新的身份验证策略孤岛对象 CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services - objectClass: msDS-AuthNPolicySilos
- displayName: Authentication Policy Silos
- description: Contains authentication policy silo objects.
- showInAdvancedViewOnly: True
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
(A;;RPLCLORC;;;AU)
操作 134:{d32f499f-3026-4af0-a5bd-13fe5a331bd2} 在配置分区中创建了新的身份验证孤岛声明类型对象 CN=ad://ext/AuthenticationSilo,CN=Claim Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ClaimType
- displayname: AuthenticationSilo
- name: ad://ext/AuthenticationSilo
- Enabled: True
- msDS-ClaimIsValueSpaceRestricted: True
- msDS-ClaimIsSingleValued: True
- msDS-ClaimSourceType: Constructed
- msDS-ClaimValueType: 3
- msDS-ClaimTypeAppliesToClass: CN=User,CN=Schema,%ws
- msDS-ClaimTypeAppliesToClass: CN=Computer,CN=Schema,%ws
- msDS-ClaimTypeAppliesToClass: CN=ms-DS-Managed-Service-Account,CN=Schema,%ws
- msDS-ClaimTypeAppliesToClass: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,%ws
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
(A;;RPLCLORC;;;AU)
操作 135:{38618886-98ee-4e42-8cf1-d9a2cd9edf8b} 将新身份验证孤岛声明类型中的 msDS-ClaimIsValueSpaceRestricted 属性设置为 false - msDS-ClaimIsValueSpaceRestricted: False 不适用

Windows Server 2012:林范围的更新

Windows Server 2012 中 /forestprep 开关执行的操作(操作 84-130)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 11。

操作编号和 GUID 说明 属性 权限
操作 84:{4664e973-cb20-4def-b3d5-559d6fe123e0} 在配置分区中创建了新容器 CN=Claims Configuration,CN=Services - objectClass: container (A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 85:{2972d92d-a07a-44ac-9cb0-bf243356f345} 在配置分区中创建了新对象 CN=Claim Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ClaimTypes
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 86:{09a49cb3-6c54-4b83-ab20-8370838ba149} 在配置分区中创建了新对象 CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperties
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 87:{77283e65-ce02-4dc3-8c1e-bf99b22527c2} 在配置分区中创建了新容器 CN=Resource Property Lists,CN=Claims Configuration,CN=Services - objectClass: container
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 88:{0afb7f53-96bd-404b-a659-89e65c269420} 在架构分区中创建了新对象 CN=Sam-Domain 空值 创建了以下访问控制条目 (ACE),以在对象上授予“自行向主体写入属性”权限:

(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)

操作 89:{c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa} 在架构分区中创建了新对象 CN=Domain-DNS 空值 创建了以下访问控制条目 (ACE),以在对象上授予“自行向主体写入属性”权限:

(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)

操作 90:{00232167-f3a4-43c6-b503-9acb7a81b01c} 回调函数以升级显示说明符。 空值 空值
操作 91:{73a9515b-511c-44d2-822b-444a33d3bd33} 在配置分区中创建了新容器 CN=Microsoft SPP,CN=Services - objectClass: container
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 92:{e0c60003-2ed7-4fd3-8659-7655a7e79397} 在配置分区中创建了新激活对象容器 CN=Activation Objects,CN=Microsoft SPP,CN=Services - objectClass: msSPP-ActivationObjectsContainer
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 93:{ed0c8cca-80ab-4b6b-ac5a-59b1d317e11f} 在配置分区中创建了新中心访问策略容器 CN=Central Access Policies,CN=Claims Configuration,CN=Services - objectClass: msAuthz-CentralAccessPolicies
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 94:{b6a6c19a-afc9-476b-8994-61f5b14b3f05} 在配置分区中创建了新中心访问策略条目容器 CN=Central Access Rules,CN=Claims Configuration,CN=Services - objectClass: msAuthz-CentralAccessRules
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 95:{defc28cd-6cb6-4479-8bcb-aabfb41e9713} 在配置分区中创建了新组密钥分发服务容器 CN=Group Key Distribution Service,CN=Services - objectClass: container
- description: The container contains configuration and data for Group Key Distribution Service.
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 96:{d6bd96d4-e66b-4a38-9c6b-e976ff58c56d} 在配置分区中创建了新主根密钥容器 CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services - objectClass: container
- description: The container contains master root keys for Group Key Distribution Service.
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 97:{bb8efc40-3090-4fa2-8a3f-7cd1d380e695} 在配置分区中创建了新服务器配置容器 CN=Server Configuration,CN=Group Key Distribution Service,CN=Services - objectClass: container
- description: The container contains Group Key Distribution Service configurations.
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 98:{2d6abe1b-4326-489e-920c-76d5337d2dc5} 在配置分区中创建了新的空服务器配置对象容器 CN=Group Key Distribution Service Server Configuration,CN=Server Configuration,CN=Group Key Distribution Service,CN=Services - objectClass: msKds-ProvServerConfiguration
- description: The configuration of cryptography algorithms used by Group Key Distribution Service.
- msKds-Version: 1
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 99:{6b13dfb5-cecc-4fb8-b28d-0505cea24175} 在配置分区中创建了新的声明转换策略配置容器 CN=Claims Transformation Policies,CN=Claims Configuration,CN=Services - objectClass: msDS-ClaimsTransformationPolicies
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 100:{92e73422-c68b-46c9-b0d5-b55f9c741410} 在配置分区中创建了新的值类型配置容器 CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: container
- showInAdvancedViewOnly: True
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 101:{c0ad80b4-8e84-4cc4-9163-2f84649bcc42} 在配置分区中创建了新的 SinglevaluedChoice 值类型配置对象 CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author a resource property. When assigning value to a resource property of this value type, a user can choose only one entry from a list of suggested values.
- displayname: Single-valued Choice
- msDS-ClaimValueType: 3
- msDS-ClaimIsValueSpaceRestricted: True
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: True
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 102:{992fe1d0-6591-4f24-a163-c820fcb7f308} 在配置分区中创建了新的 YesNo 值类型配置对象 CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: The valid values for this type are Yes or No.
- displayname: Yes/No
- msDS-ClaimValueType: 6
- msDS-ClaimIsValueSpaceRestricted: False
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: False
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 103:{ede85f96-7061-47bf-b11b-0c0d999595b5} 在配置分区中创建了新的 Number 值类型配置对象 CN=MS-DS-Number,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author resource properties that contain a single number.
- displayname: Number
- msDS-ClaimValueType: 1
- msDS-ClaimIsValueSpaceRestricted: False
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: False
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 104:{ee0f3271-eb51-414a-bdac-8f9ba6397a39} 在配置分区中创建了新的 DateTime 值类型配置对象 CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass:msDS-ValueType
- description: You can use this type to author resource properties that are of the date and time format.
- displayname: Date Time
- msDS-ClaimValueType: 1
- msDS-ClaimIsValueSpaceRestricted: False
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: False
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 105:{587d52e0-507e-440e-9d67-e6129f33bb68} 在配置分区中创建了新的 OrderedList 值类型配置对象 CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author resource properties that contain a single choice entry that can be compared to other resource properties of the same type. A user typically chooses the entry from a list of ordered suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties.
- displayname: Ordered List
- msDS-ClaimValueType: 1
- msDS-ClaimIsValueSpaceRestricted: True
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: True
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 106:{ce24f0f6-237e-43d6-ac04-1e918ab04aac} 在配置分区中创建了新的 Text 值类型配置对象 CN=MS-DS-Text,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author resource properties that contain a single text entry.
- displayname: Text
- msDS-ClaimValueType: 3
- msDS-ClaimIsValueSpaceRestricted: False
- msDS-ClaimIsSingleValued: True
- msDS-IsPossibleValuesPresent: False
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 107:{7f77d431-dd6a-434f-ae4d-ce82928e498f} 在配置分区中创建了新的 MultivaluedText 值类型配置对象 CN=MS-DS-MultivaluedText,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author resource properties that can have multiple text entries.
- displayname: Multi-valued Text<br />- msDS-ClaimValueType: 3<br />- msDS-ClaimIsValueSpaceRestricted: False<br />- msDS-ClaimIsSingleValued: False<br />- msDS-IsPossibleValuesPresent: False<br />- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 108:{ba14e1f6-7cd1-4739-804f-57d0ea74edf4} 在配置分区中创建了新的 MultivaluedChoice 值类型配置对象 CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services - objectClass: msDS-ValueType
- description: You can use this type to author resource properties that can have multiple entries that can't be compared. A user typically chooses each entry from a list of suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties.
- displayname: Multi-valued Choice
- msDS-ClaimValueType: 3
- msDS-ClaimIsValueSpaceRestricted: True
- msDS-ClaimIsSingleValued: False
- msDS-IsPossibleValuesPresent: True
- showInAdvancedViewOnly: True
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 109:{156ffa2a-e07c-46fb-a5c4-fbd84a4e5cce} 在配置分区中创建了新的个人身份信息资源属性对象 CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Personally Identifiable Information (PII) property specifies whether the resource contains PII and if it does, what the sensitivity level of that information is.
- displayname: Personally Identifiable Information
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 110:{7771d7dd-2231-4470-aa74-84a6f56fc3b6} 在配置分区中创建了新的受保护健康信息资源属性对象 CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Protected Health Information (PHI) property specifies whether the resource contains any data related to an individual's medical record or medical payment history.
- displayname: Protected Health Information
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 111:{49b2ae86-839a-4ea0-81fe-9171c1b98e83} 在配置分区中创建了新的所需许可资源属性对象 CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Required Clearance property specifies the level of clearance a user should possess before attempting to access the resource.
- displayname: Required Clearance
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 112:{1b1de989-57ec-4e96-b933-8279a8119da4} 在配置分区中创建了新的机密性资源属性对象 CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Confidentiality property specifies the level of confidentiality of the resource, and the potential impact of inadvertent access or disclosure.
- displayname: Confidentiality
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 113:{281c63f0-2c9a-4cce-9256-a238c23c0db9} 在配置分区中创建了新的合规性资源属性对象 CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Compliancy property specifies the compliance frameworks that apply to the resource.
- displayname: Compliancy
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 114:{4c47881a-f15a-4f6c-9f49-2742f7a11f4b} 在配置分区中创建了新的可发现性资源属性对象 CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Discoverability property specifies whether the resource contains potential evidence that might require disclosure to opposing legal counsel during the course of current or future litigation.
- displayname: Discoverability
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 115:{2aea2dc6-d1d3-4f0c-9994-66c1da21de0f} 在配置分区中创建了新的不可变资源属性对象 CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Immutable property specifies whether a user should be allowed to delete a resource or change its contents.
- displayname: Immutable
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 116:{ae78240c-43b9-499e-ae65-2b6e0f0e202a} 在配置分区中创建了新的知识产权资源属性对象 CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Intellectual Property (IP) property specifies whether the resource contains IP, and if so, what kind.
- displayname: Intellectual Property
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 117:{261b5bba-3438-4d5c-a3e9-7b871e5f57f0} 在配置分区中创建了新的部门资源属性对象 CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Department property specifies the name of the department to which the resource belongs.
- displayname: Department
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 118:{3fb79c05-8ea1-438c-8c7a-81f213aa61c2} 在配置分区中创建了新的影响资源属性对象 CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Impact property specifies the degree of organizational impact from inappropriate access or loss of the resource.
- displayname: Impact
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain
- msDS-ClaimPossibleValues: High - High business impact (HBI) - 3000, Moderate - Medium business impact (MBI) - 2000, Low - Low business impact (LBI) - 1000>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 119:{0b2be39a-d463-4c23-8290-32186759d3b1} 在配置分区中创建了新的个人使用资源属性对象 CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Personal Use property specifies whether the file is for personal use (not business related).
- displayname: Personal Use
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 120:{f0842b44-bc03-46a1-a860-006e8527fccd} 在配置分区中创建了新的项目资源属性对象 CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Project property specifies the names of one or more projects that are relevant to the resource.
- displayname: Project
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 121:{93efec15-4dd9-4850-bc86-a1f2c8e2ebb9} 在配置分区中创建了新的保留期资源属性对象 CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Retention Period property specifies the maximum period for which the file should be retained.
- displayname: Retention Period
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 122:{9e108d96-672f-40f0-b6bd-69ee1f0b7ac4} 在配置分区中创建了新的保留期开始日期资源属性对象 CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Retention Start Date property defines the starting date for a Retention Period. The retention period would begin on the Retention Start Date.
- displayname: Retention Start Date
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: False
- msDS-ValueTypeReference: CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 123:{1e269508-f862-4c4a-b01f-420d26c4ff8c} 在配置分区中创建了新的公司资源属性对象 CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Company property specifies which company the resource belongs to.
- displayname: Company
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: True
- msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 125:{e1ab17ed-5efb-4691-ad2d-0424592c5755} 注意:已删除 操作 124。 在配置分区中创建了新的文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourceProperty
- description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it.
- displayname: Folder Usage
- Enabled: False
- msDS-IsUsedAsResourceSecurityAttribute: False
- msDS-AppliestoResourceTypes: MS-DS-Container
- msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 126:{0e848bd4-7c70-48f2-b8fc-00fbaa82e360} 在配置分区中创建了新的全局资源属性列表配置对象 CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services - objectClass: msDS-ResourcePropertyList
- description: This is a global out of box resource property list that contains all resource properties that can be consumed by applications.
- showInAdvancedViewOnly: True
- msDS-MembersOfResourcePropertyList: CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
- msDS-MembersOfResourcePropertyList: CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>
(D;;SDDT;;;WD)
(A;;RPLCLORC;;;AU)
(A;;RPWPCRLCLOCCRCWDWOSW;;;EA)
(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 127:{016f23f7-077d-41fa-a356-de7cfdb01797} 回调函数以升级显示说明符。 空值 不适用
操作 128:{49c140db-2de3-44c2-a99a-bab2e6d2ba81} 在配置分区中更新了文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 的字符串。 - description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. 空值
操作 129:{e0b11c80-62c5-47f7-ad0d-3734a71b8312} 添加了 ACE,用于在 CN=Sam-Domain 对象上授予主体自我写入属性和读取属性。 空值 (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)
操作 130:{2ada1a2d-b02f-4731-b4fe-59f955e24f71} 添加了 ACE,用于在 CN=Domain-DNS 对象上授予主体自我写入属性和读取属性。 空值 (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)