Export (0) Print
Expand All

6.1.1.1.5 Application NC Root

distinguishedName: See section 3.1.1.1 for more information about domain NC naming rules.

objectClass: domainDNS (AD DS); any structural or 88 class except dMD and configuration (AD LDS)

wellKnownObjects: This attribute holds DN-Binary values. See section 6.1.4 for details.

otherWellKnownObjects: This attribute holds DN-Binary values. See section 6.1.4 for details.

nTSecurityDescriptor:

  • Let D1 be a DC that is instructed to host a writable application replica NC (see section 6.1.2.3 for hosting requirements). In order for D1 to replicate the NC, D1 must be granted the following rights on the NC root:

    • DS-Replication-Get-Changes

    • DS-Replication-Get-Changes-All

    • DS-Replication-Get-Changes-In-Filtered-Set

  • Let D2 be a DC that is instructed to host a read-only application replica NC (see section 6.1.2.3 for hosting requirements) such that objects in the NC replica will not contain attributes in the filtered attribute set. In order for D2 to replicate the NC, D2 must be granted the following rights on the NC root:

    • DS-Replication-Get-Changes

  • Note that this nTSecurityDescriptor must be resolved with the domain specified on the msDS-SDReferenceDomain attribute on the crossRef object representing this NC; see section 5 for details.

objectSid: Present and used on AD LDS only. This attribute contains the SID that is used in generating objectSid values for new AD LDS security principals residing in this application NC, as specified in section 3.1.1.5.2.4. This attribute is not returned by LDAP queries.

 
Show:
© 2014 Microsoft