shadowAccount class

Article
12/14/2020

Contains additional attributes for shadow passwords.

Entry	Value
CN	shadowAccount
Ldap-Display-Name	shadowAccount
Update Privilege	-
Update Frequency	-
Schema-Id-Guid	5b6d8467-1a18-4174-b350-9cc6e7b4ac8d

Implementations

Windows Server 2003 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012

Windows Server 2003 R2

Attributes

Entry	Value
System-Only	False
Object-Category	3
Default-Object-Category	-
Governs-Id	1.3.6.1.1.1.2.1
Default-Hiding-Value	1
Rdn-Att-Id	uid
Subclass of	Top
Possible Superiors	-
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000000

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	shadowAccount Top
Display-Name	False	Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
uid	False	shadowAccount
User-Password	False	shadowAccount
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2008

Attributes

Entry	Value
System-Only	False
Object-Category	3
Default-Object-Category	-
Governs-Id	1.3.6.1.1.1.2.1
Default-Hiding-Value	1
Rdn-Att-Id	uid
Subclass of	Top
Possible Superiors	-
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000000

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	shadowAccount Top
Display-Name	False	Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
uid	False	shadowAccount
User-Password	False	shadowAccount
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2008 R2

Attributes

Entry	Value
System-Only	False
Object-Category	3
Default-Object-Category	-
Governs-Id	1.3.6.1.1.1.2.1
Default-Hiding-Value	1
Rdn-Att-Id	uid
Subclass of	Top
Possible Superiors	-
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000000

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	shadowAccount Top
Display-Name	False	Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Known-RDN	False	Top
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
uid	False	shadowAccount
User-Password	False	shadowAccount
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2012

Attributes

Entry	Value
System-Only	False
Object-Category	3
Default-Object-Category	-
Governs-Id	1.3.6.1.1.1.2.1
Default-Hiding-Value	1
Rdn-Att-Id	uid
Subclass of	Top
Possible Superiors	-
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000000

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	shadowAccount Top
Display-Name	False	Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
ms-DS-Claim-Shares-Possible-Values-With-BL	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-Is-Primary-Computer-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Known-RDN	False	Top
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-Members-Of-Resource-Property-List-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-TDO-Egress-BL	False	Top
ms-DS-TDO-Ingress-BL	False	Top
ms-DS-Value-Type-Reference-BL	False	Top
ms-Exch-Owner-BL	False	Top
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
uid	False	shadowAccount
User-Password	False	shadowAccount
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Share via