林范围更新

• 适用于:

  ✅ Windows Server 2025, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016

可以查看下面的一组更改，以便了解和准备在 Windows Server 上运行 adprep /forestprep 时执行的架构更新。

从 Windows Server 2012 开始，Adprep 命令会在 AD DS 安装期间按需自动运行。 也可以在安装 AD DS 之前单独运行这些命令。 有关详细信息，请参阅运行 Adprep.exe。

重要

林范围的架构更新由 adprep 累积执行。 例如，操作 131 - 135 在操作 136 - 142 之前执行。

有关如何解释访问控制条目 (ACE) 字符串的详细信息，请参阅 ACE 字符串。 有关如何解释安全 ID (SID) 字符串的详细信息，请参阅 SID 字符串。

Windows Server 2016：林范围的更新

Windows Server 2016 中 /forestprep 开关执行的操作（操作 136-142）完成后，CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 16。

操作编号和 GUID	说明	属性	权限
操作 136：{328092FB-16E7-4453-9AB8-7592DB56E9C4}	将 CN=Send-As,CN=Extended-Rights 授予 gMSA 帐户。	空值	空值
操作 137：{3A1C887F-DF0A-489F-B3F2-2D0409095F6E}	将 CN=Receive-As,CN=Extended-Rights 授予 gMSA 帐户。	空值	空值
操作 138：{232E831F-F988-4444-8E3E-8A352E2FD411}	将 CN=Personal-Information,CN=Extended-Rights 授予 gMSA 帐户。	空值	不适用
操作 139：{DDDDCF0C-BEC9-4A5A-AE86-3CFE6CC6E110}	将 CN=Public-Information,CN=Extended-Rights 授予 gMSA 帐户。	空值	不适用
操作 140：{A0A45AAC-5550-42DF-BB6A-3CC5C46B52F2}	将 CN=Validated-SPN,CN=Extended-Rights 授予 gMSA 帐户。	空值	不适用
操作 141：{3E7645F3-3EA5-4567-B35A-87630449C70C}	将 CN=Allowed-To-Authenticate,CN=Extended-Rights 授予 gMSA 帐户。	空值	不适用
操作 142：{E634067B-E2C4-4D79-B6E8-73C619324D5E}	将 CN=MS-TS-GatewayAccess,CN=Extended-Rights 授予 gMSA 帐户。	空值	不适用

Windows Server 2012 R2：林范围的更新

Windows Server 2012 R2 中 /forestprep 开关执行的操作（操作 131-135）完成后，CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 15。

操作编号和 GUID	说明	属性	权限
操作 131：{b83818c1-01a6-4f39-91b7-a3bb581c3ae3}	在配置分区中创建了新的身份验证策略配置容器对象 CN=AuthN Policy Configuration,CN=Services。	- objectClass: container - displayName: Authentication Policy Configuration - description: Contains configuration for authentication policy. - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 132：{bbbb9db0-4009-4368-8c40-6674e980d3c3}	在配置分区中创建了新的身份验证策略对象 CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services。	- objectClass: msDS-AuthNPolicies - displayName: Authentication Policies - description: Contains authentication policy objects. - showInAdvancedViewOnly: True	(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU)
操作 133：{f754861c-3692-4a7b-b2c2-d0fa28ed0b0b}	在配置分区中创建了新的身份验证策略孤岛对象 CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services。	- objectClass: msDS-AuthNPolicySilos - displayName: Authentication Policy Silos - description: Contains authentication policy silo objects. - showInAdvancedViewOnly: True	(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU)
操作 134：{d32f499f-3026-4af0-a5bd-13fe5a331bd2}	在配置分区中创建了新的身份验证孤岛声明类型对象 CN=ad://ext/AuthenticationSilo,CN=Claim Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ClaimType - displayname: AuthenticationSilo - name: ad://ext/AuthenticationSilo - Enabled: True - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-ClaimSourceType: Constructed - msDS-ClaimValueType: 3 - msDS-ClaimTypeAppliesToClass: CN=User,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=Computer,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Managed-Service-Account,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,%ws	(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU)
操作 135：{38618886-98ee-4e42-8cf1-d9a2cd9edf8b}	将新身份验证孤岛声明类型中的 msDS-ClaimIsValueSpaceRestricted 属性设置为 false	- msDS-ClaimIsValueSpaceRestricted: False	不适用

Windows Server 2012：林范围的更新

Windows Server 2012 中 /forestprep 开关执行的操作（操作 84-130）完成后，CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 11。

操作编号和 GUID	说明	属性	权限
操作 84：{4664e973-cb20-4def-b3d5-559d6fe123e0}	在配置分区中创建了新容器 CN=Claims Configuration,CN=Services。	- objectClass: container	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 85：{2972d92d-a07a-44ac-9cb0-bf243356f345}	在配置分区中创建了新对象 CN=Claim Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ClaimTypes - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 86：{09a49cb3-6c54-4b83-ab20-8370838ba149}	在配置分区中创建了新对象 CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperties - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 87：{77283e65-ce02-4dc3-8c1e-bf99b22527c2}	在配置分区中创建了新容器 CN=Resource Property Lists,CN=Claims Configuration,CN=Services。	- objectClass: container - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 88：{0afb7f53-96bd-404b-a659-89e65c269420}	在架构分区中创建了新对象 CN=Sam-Domain。	空值	创建了以下访问控制条目 (ACE)，以在对象上授予“自行向主体写入属性”权限： (OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)
操作 89：{c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa}	在架构分区中创建了新对象 CN=Domain-DNS。	空值	创建了以下访问控制条目 (ACE)，以在对象上授予“自行向主体写入属性”权限： (OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)
操作 90：{00232167-f3a4-43c6-b503-9acb7a81b01c}	回调函数以升级显示说明符。	空值	空值
操作 91：{73a9515b-511c-44d2-822b-444a33d3bd33}	在配置分区中创建了新容器 CN=Microsoft SPP,CN=Services。	- objectClass: container - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 92：{e0c60003-2ed7-4fd3-8659-7655a7e79397}	在配置分区中创建了新激活对象容器 CN=Activation Objects,CN=Microsoft SPP,CN=Services。	- objectClass: msSPP-ActivationObjectsContainer - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 93：{ed0c8cca-80ab-4b6b-ac5a-59b1d317e11f}	在配置分区中创建了新中心访问策略容器 CN=Central Access Policies,CN=Claims Configuration,CN=Services。	- objectClass: msAuthz-CentralAccessPolicies - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 94：{b6a6c19a-afc9-476b-8994-61f5b14b3f05}	在配置分区中创建了新中心访问策略条目容器 CN=Central Access Rules,CN=Claims Configuration,CN=Services。	- objectClass: msAuthz-CentralAccessRules - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 95：{defc28cd-6cb6-4479-8bcb-aabfb41e9713}	在配置分区中创建了新组密钥分发服务容器 CN=Group Key Distribution Service,CN=Services。	- objectClass: container - description: The container contains configuration and data for Group Key Distribution Service. - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 96：{d6bd96d4-e66b-4a38-9c6b-e976ff58c56d}	在配置分区中创建了新主根密钥容器 CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services。	- objectClass: container - description: The container contains master root keys for Group Key Distribution Service. - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU？ (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 97：{bb8efc40-3090-4fa2-8a3f-7cd1d380e695}	在配置分区中创建了新服务器配置容器 CN=Server Configuration,CN=Group Key Distribution Service,CN=Services。	- objectClass: container - description: The container contains Group Key Distribution Service configurations. - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 98：{2d6abe1b-4326-489e-920c-76d5337d2dc5}	在配置分区中创建了新的空服务器配置对象容器 CN=Group Key Distribution Service Server Configuration,CN=Server Configuration,CN=Group Key Distribution Service,CN=Services。	- objectClass: msKds-ProvServerConfiguration - description: The configuration of cryptography algorithms used by Group Key Distribution Service. - msKds-Version: 1 - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 99：{6b13dfb5-cecc-4fb8-b28d-0505cea24175}	在配置分区中创建了新的声明转换策略配置容器 CN=Claims Transformation Policies,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ClaimsTransformationPolicies - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 100：{92e73422-c68b-46c9-b0d5-b55f9c741410}	在配置分区中创建了新的值类型配置容器 CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: container - showInAdvancedViewOnly: True	(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 101：{c0ad80b4-8e84-4cc4-9163-2f84649bcc42}	在配置分区中创建了新的 SinglevaluedChoice 值类型配置对象 CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author a resource property. When assigning value to a resource property of this value type, a user can choose only one entry from a list of suggested values. - displayname: Single-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 102：{992fe1d0-6591-4f24-a163-c820fcb7f308}	在配置分区中创建了新的 YesNo 值类型配置对象 CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: The valid values for this type are Yes or No. - displayname: Yes/No - msDS-ClaimValueType: 6 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 103：{ede85f96-7061-47bf-b11b-0c0d999595b5}	在配置分区中创建了新的 Number 值类型配置对象 CN=MS-DS-Number,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single number. - displayname: Number - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 104：{ee0f3271-eb51-414a-bdac-8f9ba6397a39}	在配置分区中创建了新的 DateTime 值类型配置对象 CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass：msDS-ValueType - description: You can use this type to author resource properties that are of the date and time format. - displayname: Date Time - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 105：{587d52e0-507e-440e-9d67-e6129f33bb68}	在配置分区中创建了新的 OrderedList 值类型配置对象 CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single choice entry that can be compared to other resource properties of the same type. A user typically chooses the entry from a list of ordered suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Ordered List - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 106：{ce24f0f6-237e-43d6-ac04-1e918ab04aac}	在配置分区中创建了新的 Text 值类型配置对象 CN=MS-DS-Text,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single text entry. - displayname: Text - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 107：{7f77d431-dd6a-434f-ae4d-ce82928e498f}	在配置分区中创建了新的 MultivaluedText 值类型配置对象 CN=MS-DS-MultivaluedText,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple text entries. - displayname: Multi-valued Text<br />- msDS-ClaimValueType: 3<br />- msDS-ClaimIsValueSpaceRestricted: False<br />- msDS-ClaimIsSingleValued: False<br />- msDS-IsPossibleValuesPresent: False<br />- showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 108：{ba14e1f6-7cd1-4739-804f-57d0ea74edf4}	在配置分区中创建了新的 MultivaluedChoice 值类型配置对象 CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple entries that can't be compared. A user typically chooses each entry from a list of suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Multi-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: False - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 109：{156ffa2a-e07c-46fb-a5c4-fbd84a4e5cce}	在配置分区中创建了新的个人身份信息资源属性对象 CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Personally Identifiable Information (PII) property specifies whether the resource contains PII and if it does, what the sensitivity level of that information is. - displayname: Personally Identifiable Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 110：{7771d7dd-2231-4470-aa74-84a6f56fc3b6}	在配置分区中创建了新的受保护健康信息资源属性对象 CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Protected Health Information (PHI) property specifies whether the resource contains any data related to an individual's medical record or medical payment history. - displayname: Protected Health Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 111：{49b2ae86-839a-4ea0-81fe-9171c1b98e83}	在配置分区中创建了新的所需许可资源属性对象 CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Required Clearance property specifies the level of clearance a user should possess before attempting to access the resource. - displayname: Required Clearance - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 112：{1b1de989-57ec-4e96-b933-8279a8119da4}	在配置分区中创建了新的机密性资源属性对象 CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Confidentiality property specifies the level of confidentiality of the resource, and the potential impact of inadvertent access or disclosure. - displayname: Confidentiality - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 113：{281c63f0-2c9a-4cce-9256-a238c23c0db9}	在配置分区中创建了新的合规性资源属性对象 CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Compliancy property specifies the compliance frameworks that apply to the resource. - displayname: Compliancy - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 114：{4c47881a-f15a-4f6c-9f49-2742f7a11f4b}	在配置分区中创建了新的可发现性资源属性对象 CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Discoverability property specifies whether the resource contains potential evidence that might require disclosure to opposing legal counsel during the course of current or future litigation. - displayname: Discoverability - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 115：{2aea2dc6-d1d3-4f0c-9994-66c1da21de0f}	在配置分区中创建了新的不可变资源属性对象 CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Immutable property specifies whether a user should be allowed to delete a resource or change its contents. - displayname: Immutable - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 116：{ae78240c-43b9-499e-ae65-2b6e0f0e202a}	在配置分区中创建了新的知识产权资源属性对象 CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Intellectual Property (IP) property specifies whether the resource contains IP, and if so, what kind. - displayname: Intellectual Property - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 117：{261b5bba-3438-4d5c-a3e9-7b871e5f57f0}	在配置分区中创建了新的部门资源属性对象 CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Department property specifies the name of the department to which the resource belongs. - displayname: Department - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 118：{3fb79c05-8ea1-438c-8c7a-81f213aa61c2}	在配置分区中创建了新的影响资源属性对象 CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Impact property specifies the degree of organizational impact from inappropriate access or loss of the resource. - displayname: Impact - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain - msDS-ClaimPossibleValues: High - High business impact (HBI) - 3000, Moderate - Medium business impact (MBI) - 2000, Low - Low business impact (LBI) - 1000>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 119：{0b2be39a-d463-4c23-8290-32186759d3b1}	在配置分区中创建了新的个人使用资源属性对象 CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Personal Use property specifies whether the file is for personal use (not business related). - displayname: Personal Use - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 120：{f0842b44-bc03-46a1-a860-006e8527fccd}	在配置分区中创建了新的项目资源属性对象 CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Project property specifies the names of one or more projects that are relevant to the resource. - displayname: Project - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 121：{93efec15-4dd9-4850-bc86-a1f2c8e2ebb9}	在配置分区中创建了新的保留期资源属性对象 CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Retention Period property specifies the maximum period for which the file should be retained. - displayname: Retention Period - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 122：{9e108d96-672f-40f0-b6bd-69ee1f0b7ac4}	在配置分区中创建了新的保留期开始日期资源属性对象 CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Retention Start Date property defines the starting date for a Retention Period. The retention period would begin on the Retention Start Date. - displayname: Retention Start Date - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-ValueTypeReference: CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 123：{1e269508-f862-4c4a-b01f-420d26c4ff8c}	在配置分区中创建了新的公司资源属性对象 CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Company property specifies which company the resource belongs to. - displayname: Company - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 125：{e1ab17ed-5efb-4691-ad2d-0424592c5755} 注意：已删除 操作 124。	在配置分区中创建了新的文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourceProperty - description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. - displayname: Folder Usage - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-AppliestoResourceTypes: MS-DS-Container - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 126：{0e848bd4-7c70-48f2-b8fc-00fbaa82e360}	在配置分区中创建了新的全局资源属性列表配置对象 CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services。	- objectClass: msDS-ResourcePropertyList - description: This is a global out of box resource property list that contains all resource properties that can be consumed by applications. - showInAdvancedViewOnly: True - msDS-MembersOfResourcePropertyList: CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain>	(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
操作 127：{016f23f7-077d-41fa-a356-de7cfdb01797}	回调函数以升级显示说明符。	空值	不适用
操作 128：{49c140db-2de3-44c2-a99a-bab2e6d2ba81}	在配置分区中更新了文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 的字符串。	- description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it.	空值
操作 129：{e0b11c80-62c5-47f7-ad0d-3734a71b8312}	添加了 ACE，用于在 CN=Sam-Domain 对象上授予主体自我写入属性和读取属性。	空值	(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)
操作 130：{2ada1a2d-b02f-4731-b4fe-59f955e24f71}	添加了 ACE，用于在 CN=Domain-DNS 对象上授予主体自我写入属性和读取属性。	空值	(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)