2.2.15 Domain RID Values

Constants for defining domain relative identifiers (RIDs).

Symbolic name	Value
DOMAIN_USER_RID_ADMIN	0x000001F4
DOMAIN_USER_RID_KRBTGT	0x000001F6
DOMAIN_GROUP_RID_ADMINS	0x00000200
DOMAIN_GROUP_RID_CONTROLLERS	0x00000204
DOMAIN_GROUP_RID_SCHEMA_ADMINS	0x00000206
DOMAIN_GROUP_RID_ENTERPRISE_ADMINS	0x00000207
DOMAIN_GROUP_RID_READONLY_CONTROLLERS	0x00000209
DOMAIN_ALIAS_RID_ADMINS	0x00000220
DOMAIN_ALIAS_RID_ACCOUNT_OPS	0x00000224
DOMAIN_ALIAS_RID_SYSTEM_OPS	0x00000225
DOMAIN_ALIAS_RID_PRINT_OPS	0x00000226
DOMAIN_ALIAS_RID_BACKUP_OPS	0x00000227
DOMAIN_ALIAS_RID_REPLICATOR	0x00000228

DOMAIN_USER_RID_ADMIN: The administrative user account in a domain.

DOMAIN_USER_RID_KRBTGT: The Kerberos ticket-granting ticket (TGT) account in a domain.

DOMAIN_GROUP_RID_ADMINS: The domain administrators' group.

DOMAIN_GROUP_RID_CONTROLLERS: The DCs' group. All DCs in the domain are members of the group.

DOMAIN_GROUP_RID_SCHEMA_ADMINS: The schema administrators' group. Members of this group can modify the Active Directory schema.

DOMAIN_GROUP_RID_ENTERPRISE_ADMINS: The enterprise administrators' group. Members of this group have full access to all domains in the Active Directory forest. Enterprise administrators are responsible for forest-level operations, such as adding or removing new domains.

DOMAIN_GROUP_RID_READONLY_CONTROLLERS: The read-only domain controllers' group. All read-only DCs in the domain are members of this group.

DOMAIN_ALIAS_RID_ADMINS: The administrators' group in the built-in domain.

DOMAIN_ALIAS_RID_ACCOUNT_OPS: A group that permits control over nonadministrator accounts.

DOMAIN_ALIAS_RID_SYSTEM_OPS: A group that performs system administrative functions, not including security functions. It establishes network shares, controls printers, unlocks workstations, and performs other operations.

DOMAIN_ALIAS_RID_PRINT_OPS: A group that controls printers and print queues.

DOMAIN_ALIAS_RID_BACKUP_OPS: A group that is used for controlling assignment of file backup and restoring user rights.

DOMAIN_ALIAS_RID_REPLICATOR: A group responsible for copying security databases to the Windows NT operating system backup controllers.