Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
The msDS-RevealedList attribute exists on AD DS (starting with Windows Server 2008 operating system) but not on AD LDS.
The msDS-RevealedList attribute exists only on the computer object of an RODC. The value of msDS-RevealedList is a multivalued DN-String. The string portion of each value is the lDAPDisplayName of a secret attribute, and the DN portion of each value names an object. Each value represents the presence of a value for the named attribute on the named object on the RODC; in other words, the value has been "revealed" to the RODC.
The msDS-RevealedList attribute is constructed from the msDS-RevealedUsers attribute as follows.
Let O be the object from which the msDS-RevealedList attribute is being read.
Let RESULT be a set of DN-String, initially empty.
For each V (a DN-Binary) in O!msDS-RevealedUsers do the following:
Let USER be the object with DN V.object_DN.
Let P (a PROPERTY_META_DATA, see [MS-DRSR] section 4.1.10.2.23) equal V.binary_value.
Let SCH equal SchemaObj(P.attrType) ([MS-DRSR] section 5.183).
Let RV be a DN-String with RV.string_value equal SCH!lDAPDisplayName and RV.object_DN equal V.object_DN.
Let A be SCH!lDAPDisplayName.
If AttributeStampCompare(P.propMetadataExt, AttrStamp(USER, P.attrType)) = 0, set RESULT = RESULT + {RV }. (See [MS-DRSR] section 4.1.10.3.5 for procedure AttributeStampCompare, and [MS-DRSR] section 5.13 for procedure AttrStamp.)
Return the set RESULT (if empty, the msDS-RevealedList attribute is not present).