MS-DS-Per-User-Trust-Quota attribute

Used to enforce a per-user quota for creating Trusted-Domain objects that are authorized by the new control access right, Create-Inbound-Forest-Trust. This attribute limits the number of Trusted-Domain objects that can be created by a single non-admin user.

Entry Value
CN MS-DS-Per-User-Trust-Quota
Ldap-Display-Name msDS-PerUserTrustQuota
Size -
Update Privilege Domain administrator
Update Frequency At forest creation and rarely after that.
Attribute-Id 1.2.840.113556.1.4.1788
System-Id-Guid d161adf0-ca24-4993-a3aa-8b2c981302e8
Syntax Enumeration

Implementations

Windows Server 2003

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Sam-Domain

Windows Server 2003 R2

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Sam-Domain

Windows Server 2008

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Sam-Domain

Windows Server 2008 R2

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Sam-Domain

Windows Server 2012

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Sam-Domain