林范围更新
可以查看下面的一组更改,以便了解和准备在 Windows Server 上运行 adprep /forestprep
时执行的架构更新。
从 Windows Server 2012 开始,Adprep 命令会在 AD DS 安装期间按需自动运行。 也可以在安装 AD DS 之前单独运行这些命令。 有关详细信息,请参阅运行 Adprep.exe。
重要
林范围的架构更新由 adprep
累积执行。 例如,操作 131 - 135 在操作 136 - 142 之前执行。
有关如何解释访问控制条目 (ACE) 字符串的详细信息,请参阅 ACE 字符串。 有关如何解释安全 ID (SID) 字符串的详细信息,请参阅 SID 字符串。
Windows Server 2016:林范围的更新
Windows Server 2016 中 /forestprep
开关执行的操作(操作 136-142)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 16。
操作编号和 GUID | 说明 | 属性 | 权限 |
---|---|---|---|
操作 136:{328092FB-16E7-4453-9AB8-7592DB56E9C4} | 将 CN=Send-As,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 空值 |
操作 137:{3A1C887F-DF0A-489F-B3F2-2D0409095F6E} | 将 CN=Receive-As,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 空值 |
操作 138:{232E831F-F988-4444-8E3E-8A352E2FD411} | 将 CN=Personal-Information,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 不适用 |
操作 139:{DDDDCF0C-BEC9-4A5A-AE86-3CFE6CC6E110} | 将 CN=Public-Information,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 不适用 |
操作 140:{A0A45AAC-5550-42DF-BB6A-3CC5C46B52F2} | 将 CN=Validated-SPN,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 不适用 |
操作 141:{3E7645F3-3EA5-4567-B35A-87630449C70C} | 将 CN=Allowed-To-Authenticate,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 不适用 |
操作 142:{E634067B-E2C4-4D79-B6E8-73C619324D5E} | 将 CN=MS-TS-GatewayAccess,CN=Extended-Rights 授予 gMSA 帐户。 |
空值 | 不适用 |
Windows Server 2012 R2:林范围的更新
Windows Server 2012 R2 中 /forestprep
开关执行的操作(操作 131-135)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 15。
操作编号和 GUID | 说明 | 属性 | 权限 |
---|---|---|---|
操作 131:{b83818c1-01a6-4f39-91b7-a3bb581c3ae3} | 在配置分区中创建了新的身份验证策略配置容器对象 CN=AuthN Policy Configuration,CN=Services 。 |
- objectClass: container - displayName: Authentication Policy Configuration - description: Contains configuration for authentication policy. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 132:{bbbb9db0-4009-4368-8c40-6674e980d3c3} | 在配置分区中创建了新的身份验证策略对象 CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services 。 |
- objectClass: msDS-AuthNPolicies - displayName: Authentication Policies - description: Contains authentication policy objects. - showInAdvancedViewOnly: True |
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
操作 133:{f754861c-3692-4a7b-b2c2-d0fa28ed0b0b} | 在配置分区中创建了新的身份验证策略孤岛对象 CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services 。 |
- objectClass: msDS-AuthNPolicySilos - displayName: Authentication Policy Silos - description: Contains authentication policy silo objects. - showInAdvancedViewOnly: True |
(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
操作 134:{d32f499f-3026-4af0-a5bd-13fe5a331bd2} | 在配置分区中创建了新的身份验证孤岛声明类型对象 CN=ad://ext/AuthenticationSilo,CN=Claim Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ClaimType - displayname: AuthenticationSilo - name: ad://ext/AuthenticationSilo - Enabled: True - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-ClaimSourceType: Constructed - msDS-ClaimValueType: 3 - msDS-ClaimTypeAppliesToClass: CN=User,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=Computer,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Managed-Service-Account,CN=Schema,%ws - msDS-ClaimTypeAppliesToClass: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,%ws |
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA) (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) (A;;RPLCLORC;;;AU) |
操作 135:{38618886-98ee-4e42-8cf1-d9a2cd9edf8b} | 将新身份验证孤岛声明类型中的 msDS-ClaimIsValueSpaceRestricted 属性设置为 false |
- msDS-ClaimIsValueSpaceRestricted: False |
不适用 |
Windows Server 2012:林范围的更新
Windows Server 2012 中 /forestprep
开关执行的操作(操作 84-130)完成后,CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,DC=ForestRootDomain 对象的 revision 属性将设置为 11。
操作编号和 GUID | 说明 | 属性 | 权限 |
---|---|---|---|
操作 84:{4664e973-cb20-4def-b3d5-559d6fe123e0} | 在配置分区中创建了新容器 CN=Claims Configuration,CN=Services 。 |
- objectClass: container |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 85:{2972d92d-a07a-44ac-9cb0-bf243356f345} | 在配置分区中创建了新对象 CN=Claim Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ClaimTypes - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 86:{09a49cb3-6c54-4b83-ab20-8370838ba149} | 在配置分区中创建了新对象 CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperties - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 87:{77283e65-ce02-4dc3-8c1e-bf99b22527c2} | 在配置分区中创建了新容器 CN=Resource Property Lists,CN=Claims Configuration,CN=Services 。 |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 88:{0afb7f53-96bd-404b-a659-89e65c269420} | 在架构分区中创建了新对象 CN=Sam-Domain 。 |
空值 | 创建了以下访问控制条目 (ACE),以在对象上授予“自行向主体写入属性”权限:
|
操作 89:{c7f717ef-fdbe-4b4b-8dfc-fa8b839fbcfa} | 在架构分区中创建了新对象 CN=Domain-DNS 。 |
空值 | 创建了以下访问控制条目 (ACE),以在对象上授予“自行向主体写入属性”权限:
|
操作 90:{00232167-f3a4-43c6-b503-9acb7a81b01c} | 回调函数以升级显示说明符。 | 空值 | 空值 |
操作 91:{73a9515b-511c-44d2-822b-444a33d3bd33} | 在配置分区中创建了新容器 CN=Microsoft SPP,CN=Services 。 |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 92:{e0c60003-2ed7-4fd3-8659-7655a7e79397} | 在配置分区中创建了新激活对象容器 CN=Activation Objects,CN=Microsoft SPP,CN=Services 。 |
- objectClass: msSPP-ActivationObjectsContainer - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 93:{ed0c8cca-80ab-4b6b-ac5a-59b1d317e11f} | 在配置分区中创建了新中心访问策略容器 CN=Central Access Policies,CN=Claims Configuration,CN=Services 。 |
- objectClass: msAuthz-CentralAccessPolicies - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 94:{b6a6c19a-afc9-476b-8994-61f5b14b3f05} | 在配置分区中创建了新中心访问策略条目容器 CN=Central Access Rules,CN=Claims Configuration,CN=Services 。 |
- objectClass: msAuthz-CentralAccessRules - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 95:{defc28cd-6cb6-4479-8bcb-aabfb41e9713} | 在配置分区中创建了新组密钥分发服务容器 CN=Group Key Distribution Service,CN=Services 。 |
- objectClass: container - description: The container contains configuration and data for Group Key Distribution Service. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 96:{d6bd96d4-e66b-4a38-9c6b-e976ff58c56d} | 在配置分区中创建了新主根密钥容器 CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services 。 |
- objectClass: container - description: The container contains master root keys for Group Key Distribution Service. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU ?(A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 97:{bb8efc40-3090-4fa2-8a3f-7cd1d380e695} | 在配置分区中创建了新服务器配置容器 CN=Server Configuration,CN=Group Key Distribution Service,CN=Services 。 |
- objectClass: container - description: The container contains Group Key Distribution Service configurations. - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 98:{2d6abe1b-4326-489e-920c-76d5337d2dc5} | 在配置分区中创建了新的空服务器配置对象容器 CN=Group Key Distribution Service Server Configuration,CN=Server Configuration,CN=Group Key Distribution Service,CN=Services 。 |
- objectClass: msKds-ProvServerConfiguration - description: The configuration of cryptography algorithms used by Group Key Distribution Service. - msKds-Version: 1 - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 99:{6b13dfb5-cecc-4fb8-b28d-0505cea24175} | 在配置分区中创建了新的声明转换策略配置容器 CN=Claims Transformation Policies,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ClaimsTransformationPolicies - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCDCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 100:{92e73422-c68b-46c9-b0d5-b55f9c741410} | 在配置分区中创建了新的值类型配置容器 CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: container - showInAdvancedViewOnly: True |
(A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 101:{c0ad80b4-8e84-4cc4-9163-2f84649bcc42} | 在配置分区中创建了新的 SinglevaluedChoice 值类型配置对象 CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author a resource property. When assigning value to a resource property of this value type, a user can choose only one entry from a list of suggested values. - displayname: Single-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 102:{992fe1d0-6591-4f24-a163-c820fcb7f308} | 在配置分区中创建了新的 YesNo 值类型配置对象 CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: The valid values for this type are Yes or No. - displayname: Yes/No - msDS-ClaimValueType: 6 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 103:{ede85f96-7061-47bf-b11b-0c0d999595b5} | 在配置分区中创建了新的 Number 值类型配置对象 CN=MS-DS-Number,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single number. - displayname: Number - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 104:{ee0f3271-eb51-414a-bdac-8f9ba6397a39} | 在配置分区中创建了新的 DateTime 值类型配置对象 CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass:msDS-ValueType - description: You can use this type to author resource properties that are of the date and time format. - displayname: Date Time - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 105:{587d52e0-507e-440e-9d67-e6129f33bb68} | 在配置分区中创建了新的 OrderedList 值类型配置对象 CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single choice entry that can be compared to other resource properties of the same type. A user typically chooses the entry from a list of ordered suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Ordered List - msDS-ClaimValueType: 1 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 106:{ce24f0f6-237e-43d6-ac04-1e918ab04aac} | 在配置分区中创建了新的 Text 值类型配置对象 CN=MS-DS-Text,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that contain a single text entry. - displayname: Text - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: False - msDS-ClaimIsSingleValued: True - msDS-IsPossibleValuesPresent: False - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 107:{7f77d431-dd6a-434f-ae4d-ce82928e498f} | 在配置分区中创建了新的 MultivaluedText 值类型配置对象 CN=MS-DS-MultivaluedText,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple text entries. - displayname: Multi-valued Text<br />- msDS-ClaimValueType: 3<br />- msDS-ClaimIsValueSpaceRestricted: False<br />- msDS-ClaimIsSingleValued: False<br />- msDS-IsPossibleValuesPresent: False<br />- showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 108:{ba14e1f6-7cd1-4739-804f-57d0ea74edf4} | 在配置分区中创建了新的 MultivaluedChoice 值类型配置对象 CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ValueType - description: You can use this type to author resource properties that can have multiple entries that can't be compared. A user typically chooses each entry from a list of suggested values that are provided by ms-DS-Claim-Possible-Values on the resource properties. - displayname: Multi-valued Choice - msDS-ClaimValueType: 3 - msDS-ClaimIsValueSpaceRestricted: True - msDS-ClaimIsSingleValued: False - msDS-IsPossibleValuesPresent: True - showInAdvancedViewOnly: True |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 109:{156ffa2a-e07c-46fb-a5c4-fbd84a4e5cce} | 在配置分区中创建了新的个人身份信息资源属性对象 CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Personally Identifiable Information (PII) property specifies whether the resource contains PII and if it does, what the sensitivity level of that information is. - displayname: Personally Identifiable Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 110:{7771d7dd-2231-4470-aa74-84a6f56fc3b6} | 在配置分区中创建了新的受保护健康信息资源属性对象 CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Protected Health Information (PHI) property specifies whether the resource contains any data related to an individual's medical record or medical payment history. - displayname: Protected Health Information - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 111:{49b2ae86-839a-4ea0-81fe-9171c1b98e83} | 在配置分区中创建了新的所需许可资源属性对象 CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Required Clearance property specifies the level of clearance a user should possess before attempting to access the resource. - displayname: Required Clearance - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 112:{1b1de989-57ec-4e96-b933-8279a8119da4} | 在配置分区中创建了新的机密性资源属性对象 CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Confidentiality property specifies the level of confidentiality of the resource, and the potential impact of inadvertent access or disclosure. - displayname: Confidentiality - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 113:{281c63f0-2c9a-4cce-9256-a238c23c0db9} | 在配置分区中创建了新的合规性资源属性对象 CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Compliancy property specifies the compliance frameworks that apply to the resource. - displayname: Compliancy - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 114:{4c47881a-f15a-4f6c-9f49-2742f7a11f4b} | 在配置分区中创建了新的可发现性资源属性对象 CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Discoverability property specifies whether the resource contains potential evidence that might require disclosure to opposing legal counsel during the course of current or future litigation. - displayname: Discoverability - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 115:{2aea2dc6-d1d3-4f0c-9994-66c1da21de0f} | 在配置分区中创建了新的不可变资源属性对象 CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Immutable property specifies whether a user should be allowed to delete a resource or change its contents. - displayname: Immutable - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 116:{ae78240c-43b9-499e-ae65-2b6e0f0e202a} | 在配置分区中创建了新的知识产权资源属性对象 CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Intellectual Property (IP) property specifies whether the resource contains IP, and if so, what kind. - displayname: Intellectual Property - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 117:{261b5bba-3438-4d5c-a3e9-7b871e5f57f0} | 在配置分区中创建了新的部门资源属性对象 CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Department property specifies the name of the department to which the resource belongs. - displayname: Department - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 118:{3fb79c05-8ea1-438c-8c7a-81f213aa61c2} | 在配置分区中创建了新的影响资源属性对象 CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Impact property specifies the degree of organizational impact from inappropriate access or loss of the resource. - displayname: Impact - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-OrderedList,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain - msDS-ClaimPossibleValues: High - High business impact (HBI) - 3000, Moderate - Medium business impact (MBI) - 2000, Low - Low business impact (LBI) - 1000> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 119:{0b2be39a-d463-4c23-8290-32186759d3b1} | 在配置分区中创建了新的个人使用资源属性对象 CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Personal Use property specifies whether the file is for personal use (not business related). - displayname: Personal Use - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-YesNo,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 120:{f0842b44-bc03-46a1-a860-006e8527fccd} | 在配置分区中创建了新的项目资源属性对象 CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Project property specifies the names of one or more projects that are relevant to the resource. - displayname: Project - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 121:{93efec15-4dd9-4850-bc86-a1f2c8e2ebb9} | 在配置分区中创建了新的保留期资源属性对象 CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Retention Period property specifies the maximum period for which the file should be retained. - displayname: Retention Period - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 122:{9e108d96-672f-40f0-b6bd-69ee1f0b7ac4} | 在配置分区中创建了新的保留期开始日期资源属性对象 CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Retention Start Date property defines the starting date for a Retention Period. The retention period would begin on the Retention Start Date. - displayname: Retention Start Date - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-ValueTypeReference: CN=MS-DS-DateTime,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 123:{1e269508-f862-4c4a-b01f-420d26c4ff8c} | 在配置分区中创建了新的公司资源属性对象 CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Company property specifies which company the resource belongs to. - displayname: Company - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: True - msDS-ValueTypeReference: CN=MS-DS-SinglevaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 125:{e1ab17ed-5efb-4691-ad2d-0424592c5755} 注意:已删除 操作 124。 | 在配置分区中创建了新的文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourceProperty - description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. - displayname: Folder Usage - Enabled: False - msDS-IsUsedAsResourceSecurityAttribute: False - msDS-AppliestoResourceTypes: MS-DS-Container - msDS-ValueTypeReference: CN=MS-DS-MultivaluedChoice,CN=Value Types,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 126:{0e848bd4-7c70-48f2-b8fc-00fbaa82e360} | 在配置分区中创建了新的全局资源属性列表配置对象 CN=Global Resource Property List,CN=Resource Property Lists,CN=Claims Configuration,CN=Services 。 |
- objectClass: msDS-ResourcePropertyList - description: This is a global out of box resource property list that contains all resource properties that can be consumed by applications. - showInAdvancedViewOnly: True - msDS-MembersOfResourcePropertyList: CN=PII_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=ProtectedHealthInformation_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RequiredClearance_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Confidentiality_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Compliancy_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Discoverability_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Immutable_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=IntellectualProperty_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Department_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Impact_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=PersonalUse_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Project_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionPeriod_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=RetentionStartDate_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=Company_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> - msDS-MembersOfResourcePropertyList: CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services,CN=Configuration,CN=\<forest root domain> |
(D;;SDDT;;;WD) (A;;RPLCLORC;;;AU) (A;;RPWPCRLCLOCCRCWDWOSW;;;EA) (A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY) |
操作 127:{016f23f7-077d-41fa-a356-de7cfdb01797} | 回调函数以升级显示说明符。 | 空值 | 不适用 |
操作 128:{49c140db-2de3-44c2-a99a-bab2e6d2ba81} | 在配置分区中更新了文件夹使用资源属性对象 CN=FolderUsage_MS,CN=Resource Properties,CN=Claims Configuration,CN=Services 的字符串。 |
- description: The Folder Usage property specifies the purpose of the folder and the kind of files stored in it. |
空值 |
操作 129:{e0b11c80-62c5-47f7-ad0d-3734a71b8312} | 添加了 ACE,用于在 CN=Sam-Domain 对象上授予主体自我写入属性和读取属性。 |
空值 | (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS) |
操作 130:{2ada1a2d-b02f-4731-b4fe-59f955e24f71} | 添加了 ACE,用于在 CN=Domain-DNS 对象上授予主体自我写入属性和读取属性。 |
空值 | (OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS) |