6.1.3.7 Owner and Group Defaulting Rules

The OWNER and GROUP fields are defaulted in the following scenarios:

• The SD flags do not include the OWNER bit.

• The SD flags include the OWNER bit, but the OWNER field in the supplied value is NULL.

In the preceding cases, the OWNER field is defaulted as follows:

• If the user performing the operation is a member of the DAG for the object (when it is defined), the SID of this group is written into the OWNER field of the SD.

• Otherwise, if the requester's security context contains the TokenOwner field, then the SID contained in this field is written into the OWNER field of the SD.

• Otherwise, the requester's user SID is written into the OWNER field of the SD.

If the DC functional level is DS_BEHAVIOR_WIN2008 or higher, and the DAG was used as the default OWNER field value, then the same SID is written into the GROUP field. In all other cases, the GROUP field is not modified before the SD value is passed to the CreateSecurityDescriptor algorithm as specified in section 6.1.3.