NTDS-DSA class

Represents the Active Directory DSA process on the server.

Entry Value
CN NTDS-DSA
Ldap-Display-Name nTDSDSA
Update Privilege -
Update Frequency -
Schema-Id-Guid f0f8ffab-1191-11d0-a060-00aa006c33ed

Implementations

Windows 2000 Server

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Common Name
Abandon-Replication
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms

Windows Server 2003

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False NTDS-DSA
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Settings False Application-Settings
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms
Refresh-Group-Cache

ADAM

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:S:
System-Flags 0x00000010

ADAM Attributes

This class contains the following attributes for ADAM:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
From-Entry False Top
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False NTDS-DSA
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Disable-For-Instances-BL False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Mastered-By False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Port-LDAP False NTDS-DSA
ms-DS-Port-SSL False NTDS-DSA
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Service-Account False NTDS-DSA
ms-DS-Service-Account-BL False Top
ms-DS-Service-Account-DNS-Domain False NTDS-DSA
ms-DS-Settings False Application-Settings
Network-Address False NTDS-DSA
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

ADAM Extended Rights

This class contains the following extended rights for ADAM:

Common Name
Do-Garbage-Collection
Recalculate-Security-Inheritance

Windows Server 2003 R2

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Behavior-Version False NTDS-DSA
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Settings False Application-Settings
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms
Refresh-Group-Cache

Windows Server 2008

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False NTDS-DSA
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Full-Replica-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-isGC False NTDS-DSA
ms-DS-Is-Partial-Replica-For False Top
ms-DS-isRODC False NTDS-DSA
ms-DS-Is-User-Cachable-At-Rodc False NTDS-DSA
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Never-Reveal-Group False NTDS-DSA
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Revealed-Users False NTDS-DSA
ms-DS-Reveal-OnDemand-Group False NTDS-DSA
ms-DS-Settings False Application-Settings
ms-DS-SiteName False NTDS-DSA
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms
Refresh-Group-Cache
Reload-SSL-Certificate

Windows Server 2008 R2

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False NTDS-DSA
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature False NTDS-DSA
ms-DS-Enabled-Feature-BL False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Full-Replica-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-isGC False NTDS-DSA
ms-DS-Is-Partial-Replica-For False Top
ms-DS-isRODC False NTDS-DSA
ms-DS-Is-User-Cachable-At-Rodc False NTDS-DSA
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Never-Reveal-Group False NTDS-DSA
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Revealed-Users False NTDS-DSA
ms-DS-Reveal-OnDemand-Group False NTDS-DSA
ms-DS-Settings False Application-Settings
ms-DS-SiteName False NTDS-DSA
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms
Refresh-Group-Cache
Reload-SSL-Certificate

Windows Server 2012

Entry Value
System-Only True
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.7000.47
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of Application-Settings
Possible Superiors ServerOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Application-Name False Application-Settings
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Common-Name False Top
Create-Time-Stamp False Top
Description False Top
Display-Name False Top
Display-Name-Printable False Top
DMD-Location False NTDS-DSA
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FRS-Root-Path False NTDS-DSA
FSMO-Role-Owner False Top
Has-Master-NCs False NTDS-DSA
Has-Partial-Replica-NCs False NTDS-DSA
Instance-Type True Top
Invocation-Id False NTDS-DSA
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Backup-Restoration-Time False NTDS-DSA
Last-Known-Parent False Top
Managed-By False NTDS-DSA
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Behavior-Version False NTDS-DSA
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature False NTDS-DSA
ms-DS-Enabled-Feature-BL False Top
ms-DS-Has-Domain-NCs False NTDS-DSA
ms-DS-Has-Full-Replica-NCs False NTDS-DSA
ms-DS-Has-Instantiated-NCs False NTDS-DSA
ms-DS-Has-Master-NCs False NTDS-DSA
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-isGC False NTDS-DSA
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-isRODC False NTDS-DSA
ms-DS-Is-User-Cachable-At-Rodc False NTDS-DSA
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Never-Reveal-Group False NTDS-DSA
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-ReplicationEpoch False NTDS-DSA
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Retired-Repl-NC-Signatures False NTDS-DSA
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Revealed-Users False NTDS-DSA
ms-DS-Reveal-OnDemand-Group False NTDS-DSA
ms-DS-Settings False Application-Settings
ms-DS-SiteName False NTDS-DSA
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False NTDS-DSA
Non-Security-Member-BL False Top
Notification-List False Application-Settings
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Options False NTDS-DSA
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Possible-Inferiors False Top
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
Query-Policy-Object False NTDS-DSA
RDN False Top
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Retired-Repl-DSA-Signatures False NTDS-DSA
Revision False Top
SD-Rights-Effective False Top
Server-Reference False NTDS-DSA
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Common Name
Do-Garbage-Collection
Recalculate-Hierarchy
Allocate-Rids
Recalculate-Security-Inheritance
DS-Check-Stale-Phantoms
Refresh-Group-Cache
Reload-SSL-Certificate

Windows Server 2012 Validated Writes

This class contains the following validated writes for Windows Server 2012:

Common Name
Validated-MS-DS-Behavior-Version