Edit

Group class

  • Article

Stores a list of user names. Used to apply security principals on resources.

Entry Value
CN Group
Ldap-Display-Name group
Update Privilege This value is set by the domain administrator.
Update Frequency -
Schema-Id-Guid bf967a9c-0de6-11d0-a285-00aa003049e2

Implementations

Windows 2000 Server

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainer
Auxiliary Classes Security-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
System-Flags 0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
Modify-Time-Stamp False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
User-Cert False Mail-Recipient
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Common Name
Send-To

Windows 2000 Server Validated Writes

This class contains the following validated writes for Windows 2000 Server:

Common Name
Self-Membership

Windows 2000 Server Property Sets

This class contains the following property sets for Windows 2000 Server:

Common Name
Email-Information

Windows Server 2003

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainerms-DS-Az-Admin-Managerms-DS-Az-Applicationms-DS-Az-Scope
Auxiliary Classes Security-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
System-Flags 0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
labeledURI False Mail-Recipient
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Az-LDAP-Query False Group
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members False Group
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
secretary False Mail-Recipient
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
User-Cert False Mail-Recipient
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
Send-To

Windows Server 2003 Validated Writes

This class contains the following validated writes for Windows Server 2003:

Common Name
Self-Membership

Windows Server 2003 Property Sets

This class contains the following property sets for Windows Server 2003:

Common Name
Email-Information

ADAM

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitContainer
Auxiliary Classes Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:S:
System-Flags 0x00000010

ADAM Attributes

This class contains the following attributes for ADAM:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Desktop-Profile False Group
Display-Name False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
From-Entry False Top
FSMO-Role-Owner False Top
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Last-Known-Parent False Top
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
Modify-Time-Stamp False Top
ms-DS-Approx-Immed-Subordinates False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Disable-For-Instances-BL False Top
ms-DS-Mastered-By False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Service-Account-BL False Top
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Token-Groups False Security-Principal
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

ADAM Validated Writes

This class contains the following validated writes for ADAM:

Common Name
Self-Membership

ADAM Property Sets

This class contains the following property sets for ADAM:

Common Name
Email-Information

Windows Server 2003 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainerms-DS-Az-Admin-Managerms-DS-Az-Applicationms-DS-Az-Scope
Auxiliary Classes posixGroupSecurity-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
System-Flags 0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
posixGroup
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
posixGroup
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gidNumber False posixGroup
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
labeledURI False Mail-Recipient
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
memberUid False posixGroup
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Az-LDAP-Query False Group
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members False Group
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
msSFU-30-Name False Group
msSFU-30-Nis-Domain False Group
msSFU-30-Posix-Member False Group
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
secretary False Mail-Recipient
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
unixUserPassword False posixGroup
User-Cert False Mail-Recipient
User-Password False posixGroup
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
Send-To

Windows Server 2003 R2 Validated Writes

This class contains the following validated writes for Windows Server 2003 R2:

Common Name
Self-Membership

Windows Server 2003 R2 Property Sets

This class contains the following property sets for Windows Server 2003 R2:

Common Name
Email-Information

Windows Server 2008

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainerms-DS-Az-Admin-Managerms-DS-Az-Applicationms-DS-Az-Scope
Auxiliary Classes posixGroupSecurity-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
System-Flags 0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
posixGroup
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
posixGroup
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gidNumber False posixGroup
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
labeledURI False Mail-Recipient
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
memberUid False posixGroup
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Az-Application-Data False Group
ms-DS-Az-Biz-Rule False Group
ms-DS-Az-Biz-Rule-Language False Group
ms-DS-Az-Generic-Data False Group
ms-DS-Az-Last-Imported-Biz-Rule-Path False Group
ms-DS-Az-LDAP-Query False Group
ms-DS-Az-Object-Guid False Group
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members False Group
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Display-Name False Mail-Recipient
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
msSFU-30-Name False Group
msSFU-30-Nis-Domain False Group
msSFU-30-Posix-Member False Group
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
secretary False Mail-Recipient
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
unixUserPassword False posixGroup
User-Cert False Mail-Recipient
User-Password False posixGroup
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
Send-To

Windows Server 2008 Validated Writes

This class contains the following validated writes for Windows Server 2008:

Common Name
Self-Membership

Windows Server 2008 Property Sets

This class contains the following property sets for Windows Server 2008:

Common Name
Email-Information

Windows Server 2008 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainerms-DS-Az-Admin-Managerms-DS-Az-Applicationms-DS-Az-Scope
Auxiliary Classes posixGroupSecurity-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
System-Flags 0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
posixGroup
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
posixGroup
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gidNumber False posixGroup
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
labeledURI False Mail-Recipient
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
memberUid False posixGroup
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Az-Application-Data False Group
ms-DS-Az-Biz-Rule False Group
ms-DS-Az-Biz-Rule-Language False Group
ms-DS-Az-Generic-Data False Group
ms-DS-Az-Last-Imported-Biz-Rule-Path False Group
ms-DS-Az-LDAP-Query False Group
ms-DS-Az-Object-Guid False Group
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature-BL False Top
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members False Group
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Display-Name False Mail-Recipient
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
msSFU-30-Name False Group
msSFU-30-Nis-Domain False Group
msSFU-30-Posix-Member False Group
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
secretary False Mail-Recipient
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
unixUserPassword False posixGroup
User-Cert False Mail-Recipient
User-Password False posixGroup
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
Send-To

Windows Server 2008 R2 Validated Writes

This class contains the following validated writes for Windows Server 2008 R2:

Common Name
Self-Membership

Windows Server 2008 R2 Property Sets

This class contains the following property sets for Windows Server 2008 R2:

Common Name
Email-Information

Windows Server 2012

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.8
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-DomainContainerms-DS-Az-Admin-Managerms-DS-Az-Applicationms-DS-Az-Scope
Auxiliary Classes posixGroupSecurity-Principal (System)Mail-Recipient (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Account-Name-History False Security-Principal
Admin-Count False Group
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Comment False Mail-Recipient
Common-Name True Top
posixGroup
Mail-Recipient
Control-Access-Rights False Group
Create-Time-Stamp False Top
Description False Top
posixGroup
Desktop-Profile False Group
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
E-mail-Addresses False Group
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gidNumber False posixGroup
Group-Attributes False Group
Group-Membership-SAM False Group
Group-Type True Group
Instance-Type True Top
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
labeledURI False Mail-Recipient
Last-Known-Parent False Top
Legacy-Exchange-DN False Mail-Recipient
Managed-By False Group
Managed-Objects False Top
Mastered-By False Top
Member False Group
memberUid False posixGroup
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Az-Application-Data False Group
ms-DS-Az-Biz-Rule False Group
ms-DS-Az-Biz-Rule-Language False Group
ms-DS-Az-Generic-Data False Group
ms-DS-Az-Last-Imported-Biz-Rule-Path False Group
ms-DS-Az-LDAP-Query False Group
ms-DS-Az-Object-Guid False Group
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature-BL False Top
ms-DS-GeoCoordinates-Altitude False Mail-Recipient
ms-DS-GeoCoordinates-Latitude False Mail-Recipient
ms-DS-GeoCoordinates-Longitude False Mail-Recipient
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members False Group
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Display-Name False Mail-Recipient
ms-DS-Primary-Computer False Group
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
msSFU-30-Name False Group
msSFU-30-Nis-Domain False Group
msSFU-30-Posix-Member False Group
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member False Group
Non-Security-Member-BL False Top
NT-Group-Members False Group
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False Group
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Primary-Group-Token False Group
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
SD-Rights-Effective False Top
secretary False Mail-Recipient
Security-Identifier False Security-Principal
Server-Reference-BL False Top
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
System-Flags False Top
Telephone-Number False Mail-Recipient
Text-Encoded-OR-Address False Mail-Recipient
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
unixUserPassword False posixGroup
User-Cert False Mail-Recipient
User-Password False posixGroup
User-SMIME-Certificate False Mail-Recipient
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X509-Cert False Mail-Recipient

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Common Name
Send-To

Windows Server 2012 Validated Writes

This class contains the following validated writes for Windows Server 2012:

Common Name
Self-Membership

Windows Server 2012 Property Sets

This class contains the following property sets for Windows Server 2012:

Common Name
Email-Information