5.16.3.16 String(NT-Sec-Desc)
The representation used in LDAP syntax and encoding of ATTRVAL payload is the same. Therefore the payload is set to the same value. The valLen field of ATTRVAL equals the number of bytes in the payload. All the multibyte quantities in the security descriptor structure are stored in little-endian format.
-
LDAP value: (binary blob, represented in hex format here) 0100048c7000000080000000000000001400000004005c0003000000050028000001000001000000531a72ab2f1ed011981900aa0040529b01010000000000050a00000000121800ff010f0001020000000000052000000020020000001214009400020001010000000000050b000000010200001cd509a01845935900020000010200001cd509a01845935900020000 This represents the following self-relative security descriptor value: SD Revision: 1 SD Control: 0x8c04 SE_DACL_PRESENT SE_DACL_AUTO_INHERITED SE_SACL_AUTO_INHERITED SE_SELF_RELATIVE Owner: S-1-483723680-1502823704-512 Group: S-1-483723680-1502823704-512 DACL: Revision 4 Size: 92 bytes # Aces: 3 Ace[0] Ace Type: 0x5 - ACCESS_ALLOWED_OBJECT_ACE_TYPE Ace Size: 40 bytes Ace Flags: 0x0 Object Ace Mask: 0x00000100 ACTRL_DS_CONTROL_ACCESS Object Ace Flags: 0x1 ACE_OBJECT_TYPE_PRESENT Object Ace Type: Change Password-ab721a53-1e2f-11d0-9819-00aa0040529b Object Ace Sid: NT AUTHORITY\SELF [S-1-5-10] Ace[1] Ace Type: 0x0 - ACCESS_ALLOWED_ACE_TYPE Ace Size: 24 bytes Ace Flags: 0x12 CONTAINER_INHERIT_ACE INHERITED_ACE Ace Mask: 0x000f01ff DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ACTRL_DS_CREATE_CHILD ACTRL_DS_DELETE_CHILD ACTRL_DS_LIST ACTRL_DS_SELF ACTRL_DS_READ_PROP ACTRL_DS_WRITE_PROP ACTRL_DS_DELETE_TREE ACTRL_DS_LIST_OBJECT ACTRL_DS_CONTROL_ACCESS Ace Sid: BUILTIN\Administrators [S-1-5-32-544] Ace[2] Ace Type: 0x0 - ACCESS_ALLOWED_ACE_TYPE Ace Size: 20 bytes Ace Flags: 0x12 CONTAINER_INHERIT_ACE INHERITED_ACE Ace Mask: 0x00020094 READ_CONTROL ACTRL_DS_LIST ACTRL_DS_READ_PROP ACTRL_DS_LIST_OBJECT Ace Sid: NT AUTHORITY\Authenticated Users [S-1-5-11] valLen: 144 paylaod: 01 00 04 8c 70 00 00 00 80 00 00 00 00 00 00 00 ....p........... 14 00 00 00 04 00 5c 00 03 00 00 00 05 00 28 00 ......\.......(. 00 01 00 00 01 00 00 00 53 1a 72 ab 2f 1e d0 11 ........S.r./... 98 19 00 aa 00 40 52 9b 01 01 00 00 00 00 00 05 .....@R......... 0a 00 00 00 00 12 18 00 ff 01 0f 00 01 02 00 00 ................ 00 00 00 05 20 00 00 00 20 02 00 00 00 12 14 00 .... ... ....... 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 ................ 01 02 00 00 1c d5 09 a0 18 45 93 59 00 02 00 00 .........E.Y.... 01 02 00 00 1c d5 09 a0 18 45 93 59 00 02 00 00 .........E.Y....