3.1.1.1.2 Configurable Translation Database and Corresponding View

The Configurable Translation Database is a general purpose database for translation between security principal names and their corresponding SIDs. The Configurable Translation Database columns are the same as the Predefined Translation Database columns, and the view construction is the same. This database SHOULD be constructed using the abstract data model specified in [MS-SCMR] section 3.1.1. There MUST be one row for the "NT SERVICE" domain, as defined in the following table. There MUST be one row per service definition. The mapping rules are defined as follows:

  • Domain DNS Name, Additional Security Principal Name, User Principal Name, Default User Principal Names, and Security Principal SID History columns are left empty.

  • Security Principal SID is mapped from DisplayName in [MS-SCMR] section 3.1.1 using the following method:

    1. Convert the DisplayName field to the uppercase, UTF-16 representation.

    2. Take the SHA1 hash of the name:

      1. Hash[0] denoting the first 4 bytes of the resulting hash as an unsigned integer.

      2. Hash[1] denoting the second 4 bytes of the resulting hash as an unsigned integer.

      3. And so on.

    3. Create the SID using the following mapping:

      • S-1-5-80-hash[0]-hash[1]-hash[2]-hash[3]-hash[4]

  • Security Principal Name is mapped from DisplayName in [MS-SCMR] section 3.1.1.

  • Security Principal Type is mapped to SidTypeWellKnownGroup.

The following table shows two columns in the Configurable Translation Database and Corresponding View as an example with the NT Service Domain and Service Name 'ALG'.

Domain NetBIOS Name: NT SERVICE

Domain SID: S-1-5-80

| Security Principal Name | Security Principal SID | Security Principal Type |
|---|---|---|
| NT SERVICE | S-1-5-80 | SidTypeDomain |
| ALG | S-1-5-80-2387347252-3645287876-2469496166-3824418187-3586569773 | SidTypeWellKnownGroup |
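
The SID mapping steps above, as an added Python example that is not part of the specification: it derives the service SID from a name and resolves `S-1-5-80-…` SIDs found in ACLs or logs against a list of candidate service names. The function names, the UTF-16 little-endian encoding, the little-endian reading of each 4-byte group, and the sample candidates are assumptions of this example; the ALG row above is the check value.

```python
import hashlib
import re
import struct

# Domain SID of "NT SERVICE", taken from the table above.
SERVICE_SID_PREFIX = "S-1-5-80"
_SERVICE_SID_RE = re.compile(r"S-1-5-80((?:-[0-9]{1,10}){5})")


def service_sid(name: str) -> str:
    """Derive the service SID for a name using the three steps above."""
    # Step 1: uppercase, then UTF-16. Assumption: little-endian, no BOM.
    # str.upper() can differ from Windows upcasing for some non-ASCII names.
    encoded = name.upper().encode("utf-16-le")
    # Step 2: SHA-1 yields 20 bytes, read as five 4-byte unsigned integers.
    # Assumption: each 4-byte group is little-endian.
    hash_words = struct.unpack("<5I", hashlib.sha1(encoded).digest())
    # Step 3: S-1-5-80-hash[0]-hash[1]-hash[2]-hash[3]-hash[4]
    return "-".join([SERVICE_SID_PREFIX, *(str(w) for w in hash_words)])


def is_service_sid(sid: str) -> bool:
    """True if sid is S-1-5-80 followed by five 32-bit sub-authorities."""
    match = _SERVICE_SID_RE.fullmatch(sid.strip().upper())
    if match is None:
        return False
    return all(int(p) <= 0xFFFFFFFF for p in match.group(1).split("-")[1:])


def resolve_service_sids(sids, candidate_names):
    """Map each service SID to the candidate name that hashes to it, else None.

    SHA-1 is one-way, so offline resolution needs a list of candidate names.
    """
    table = {service_sid(n): n for n in candidate_names}
    return {s: table.get(s.strip().upper()) for s in sids if is_service_sid(s)}


if __name__ == "__main__":
    # Constructed sample: the ALG SID from the table plus a made-up SID.
    seen = [
        "S-1-5-80-2387347252-3645287876-2469496166-3824418187-3586569773",
        "S-1-5-80-1-2-3-4-5",
    ]
    for sid, name in resolve_service_sids(seen, ["alg", "Spooler"]).items():
        print(sid, "->", name or "<no candidate matched>")
```

Because the name is uppercased before hashing, `alg` and `ALG` produce the same SID.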

© 2014 Microsoft