In AD DS, each normal (not read-only) DC in a domain has a domain controller object in its default NC. The DC's domain controller object is the DC's computer object (subject to the computer object constraints specified in [MS-SAMR] sections 3.1.1.6 and 3.1.1.8) with additional requirements as described in this section.
An AD DS RODC has a read-only domain controller object as specified in section 6.1.1.3.2. An AD LDS DC does not have a domain controller object.
userAccountControl: {ADS_UF_SERVER_TRUST_ACCOUNT | ADS_UF_TRUSTED_FOR_DELEGATION}
primaryGroupID: Contains the value 516.
This attribute is populated by the system during creation of the DC corresponding to the DC object. The primary group of a DC object is the domain relative well-known Domain Controllers security group. So the primaryGroupID attribute of a DC object equals the RID of the Domain Controllers security group, 516.
servicePrincipalName: This attribute contains all of the SPNs (2) for a normal (not read-only) DC, as specified in [MS-DRSR] section 2.2.2.
dNSHostName: Fully qualified DNS name of the DC.
msDS-AdditionalDnsHostName: Additional DNS names by which the DC can be identified.
objectCategory: Contains the distinguished name of the classSchema object for the computer class. This is the value of the defaultObjectCategory attribute of the computer class.
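The attribute requirements above can be used as a consistency check during a directory audit. The following is an added example, not part of the specification: it flags entries that carry either DC marker (the ADS_UF_SERVER_TRUST_ACCOUNT bit or primaryGroupID 516) without meeting the rest of the listed requirements. The function names, the sample entries, the contoso.example domain and the CN=Computer,CN=Schema prefix test are assumptions made for illustration.

```python
# Added example, not from the specification. Flag values are the ADS_UF_*
# constants named above; all sample entries below are constructed.
ADS_UF_SERVER_TRUST_ACCOUNT = 0x2000
ADS_UF_TRUSTED_FOR_DELEGATION = 0x80000
DOMAIN_CONTROLLERS_RID = 516

def dc_object_deviations(entry):
    """List the ways an entry departs from the DC-object attributes above."""
    problems = []
    uac = int(entry.get("userAccountControl", 0))
    if not uac & ADS_UF_SERVER_TRUST_ACCOUNT:
        problems.append("userAccountControl lacks ADS_UF_SERVER_TRUST_ACCOUNT")
    if not uac & ADS_UF_TRUSTED_FOR_DELEGATION:
        problems.append("userAccountControl lacks ADS_UF_TRUSTED_FOR_DELEGATION")
    if int(entry.get("primaryGroupID", 0)) != DOMAIN_CONTROLLERS_RID:
        problems.append("primaryGroupID is not 516")
    for attr in ("servicePrincipalName", "dNSHostName"):
        if not entry.get(attr):
            problems.append(attr + " is empty")
    # Assumption: the computer classSchema object is named CN=Computer,CN=Schema,...
    if not entry.get("objectCategory", "").lower().startswith("cn=computer,cn=schema,"):
        problems.append("objectCategory is not the computer class")
    return problems

def audit(entries):
    """Return {dn: deviations} for entries with a DC marker that do not conform."""
    report = {}
    for e in entries:
        uac = int(e.get("userAccountControl", 0))
        marked = (uac & ADS_UF_SERVER_TRUST_ACCOUNT
                  or int(e.get("primaryGroupID", 0)) == DOMAIN_CONTROLLERS_RID)
        problems = dc_object_deviations(e) if marked else []
        if problems:
            report[e["dn"]] = problems
    return report

# Constructed entries; contoso.example is a placeholder domain.
CAT = "CN=Computer,CN=Schema,CN=Configuration,DC=contoso,DC=example"
SAMPLE = [
    {"dn": "CN=DC01,OU=Domain Controllers,DC=contoso,DC=example",
     "userAccountControl": 532480, "primaryGroupID": 516, "objectCategory": CAT,
     "dNSHostName": "dc01.contoso.example",
     "servicePrincipalName": ["ldap/dc01.contoso.example"]},
    {"dn": "CN=WS17,CN=Computers,DC=contoso,DC=example",   # trust flag, wrong group
     "userAccountControl": 8192, "primaryGroupID": 515, "objectCategory": CAT,
     "dNSHostName": "ws17.contoso.example", "servicePrincipalName": []},
    {"dn": "CN=WS18,CN=Computers,DC=contoso,DC=example",   # no DC marker at all
     "userAccountControl": 4096, "primaryGroupID": 515, "objectCategory": CAT,
     "dNSHostName": "ws18.contoso.example", "servicePrincipalName": ["HOST/ws18"]},
]
```

An RODC object follows section 6.1.1.3.2 rather than this list, so entries for RODCs need a separate rule set.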