
3.1.1.1.7 Forest Principal View

To construct the Forest Principal View for a given forest, the following columns from a union of all domain naming contexts (NCs) in the forest MUST be used.

  • sAMAccountName

  • userPrincipalName

  • objectSID

  • sidHistory

  • sAMAccountType

All objects that satisfy the following criteria MUST be part of this view:

  • The sAMAccountName, objectSID, and sAMAccountType attributes have values.

  • The value of the objectSID attribute does not contain S-1-5-32 as the prefix.

The following columns MUST be used to construct the Forest Principal View in the following manner:

  • User Principal Name is obtained from userPrincipalName.

  • Security Principal SID History is obtained from sidHistory.

  • Security Principal SID is obtained from objectSID.

  • Security Principal Name is obtained from sAMAccountName.

  • Additional Security Principal Name is empty.

  • Security Principal Type is mapped from sAMAccountType by using the rule explained in the Builtin Domain Principal View section (3.1.1.1.3).

  • Domain NetBIOS Name, Domain DNS Name, and Domain SID are mapped from Domain Database Information for the domain that the object is in.

  • Default User Principal Names is constructed using the following rules:

    • Concatenate sAMAccountName with Domain DNS Name, separated by an @ sign.

    • Concatenate sAMAccountName with Domain NetBIOS Name, separated by an @ sign.

The following example shows how this view is created:

  • An object that represents the "someone" user on a domain controller.

    Column              Value
    sAMAccountName      someone
    userPrincipalName   someone@example.com
    objectSID           S-1-5-21-397955417-626881126-188441444-1555
    sidHistory          S-1-5-21-1234567890-123456789-456789012-2045
                        S-1-5-21-7890123456-345678-459012-34524
    sAMAccountType      0x30000000

  • Domain Database Information for that domain.

    Column                Value
    Domain DNS Name       Corp.example.com
    Domain NetBIOS Name   Corp
    Domain SID            S-1-5-21-397955417-626881126-188441444

  • The view created for the security principal.

    Column                               Value
    Domain DNS Name                      Corp.example.com
    Domain NetBIOS Name                  Corp
    Domain SID                           S-1-5-21-397955417-626881126-188441444
    Security Principal Name              someone
    Additional Security Principal Name   (empty)
    Default User Principal Names         someone@corp
                                         someone@corp.example.com
    User Principal Name                  someone@example.com
    Security Principal SID               S-1-5-21-397955417-626881126-188441444-1555
    Security Principal SID History       S-1-5-21-1234567890-123456789-456789012-2045
                                         S-1-5-21-7890123456-345678-459012-34524
    Security Principal Type              SidTypeUser
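
The construction rules above, as an added Python sketch that is not part of the specification. It goes beyond the single worked example by also running the two inclusion criteria against constructed objects that must be left out of the view. The function names, the dictionary shapes, and the last two sample objects are assumptions made for illustration; only the sAMAccountType mapping shown on this page is included.

```python
# Added sketch, not code from the specification; the data shapes are assumptions.
BUILTIN_DOMAIN = ("1", "5", "32")        # components of S-1-5-32
SID_TYPE = {0x30000000: "SidTypeUser"}   # only this page's mapping; others -> None
REQUIRED = ("sAMAccountName", "objectSID", "sAMAccountType")
DOMAIN_COLS = ("Domain DNS Name", "Domain NetBIOS Name", "Domain SID")

def in_builtin_domain(sid):
    # Compare whole components; a string prefix test would also match S-1-5-321-...
    return tuple(sid.split("-")[1:4]) == BUILTIN_DOMAIN

def forest_principal_view(domains):
    """domains: iterable of (domain_info, objects), one pair per domain NC."""
    view = []
    for info, objects in domains:
        for obj in objects:
            if any(obj.get(a) in (None, "") for a in REQUIRED):
                continue                  # criterion 1: all three have values
            if in_builtin_domain(obj["objectSID"]):
                continue                  # criterion 2: not under S-1-5-32
            name = obj["sAMAccountName"]
            row = {col: info[col] for col in DOMAIN_COLS}
            row.update({
                "Security Principal Name": name,
                "Additional Security Principal Name": "",
                "Default User Principal Names":
                    [f"{name}@{info[c]}" for c in DOMAIN_COLS[:2]],
                "User Principal Name": obj.get("userPrincipalName"),
                "Security Principal SID": obj["objectSID"],
                "Security Principal SID History": list(obj.get("sidHistory", [])),
                "Security Principal Type": SID_TYPE.get(obj["sAMAccountType"]),
            })
            view.append(row)
    return view

# Domain and first object come from the page's example; the last two are constructed.
CORP = {"Domain DNS Name": "Corp.example.com", "Domain NetBIOS Name": "Corp",
        "Domain SID": "S-1-5-21-397955417-626881126-188441444"}
OBJECTS = [
    {"sAMAccountName": "someone", "userPrincipalName": "someone@example.com",
     "objectSID": "S-1-5-21-397955417-626881126-188441444-1555",
     "sidHistory": ["S-1-5-21-1234567890-123456789-456789012-2045",
                    "S-1-5-21-7890123456-345678-459012-34524"],
     "sAMAccountType": 0x30000000},
    {"sAMAccountName": "Administrators", "objectSID": "S-1-5-32-544",
     "sAMAccountType": 0x20000000},       # builtin domain: excluded
    {"objectSID": "S-1-5-21-397955417-626881126-188441444-1600",
     "sAMAccountType": 0x30000000},       # no sAMAccountName: excluded
]
VIEW = forest_principal_view([(CORP, OBJECTS)])
```

The sketch keeps the domain names in the case in which they are stored, so its Default User Principal Names differ from the lower-case values in the example table only by case.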

 
© 2014 Microsoft