Used by DS Security to determine what users can perform specific operations on the host object.
Attribute property | Value | Description |
---|---|---|
adminDisplayName | Control-Access-Rights | Display name of this object for use in directory service administrative tools. |
adminDescription | Control-Access-Rights | Description of this object for use in directory service administrative tools. |
cn | Control-Access-Rights | Common name. |
lDAPDisplayName | controlAccessRights | The name used by LDAP clients to refer to the object's class. |
attributeID | 1.2.840.113556.1.4.200 | A unique OID that identifies the attribute. |
objectClass | Attribute-Schema | The class of which this object is an instance. |
objectCategory | Attribute-Schema | Reference to an object class or one of its superclasses, which is used when searching for this object. |
schemaIDGUID | {6DA8A4FC-0E52-11D0-A286-00AA003049E2} | A GUID that uniquely identifies this object. You can use this string value in an ACE to control access to objects of this object. |
attributeSyntax | 2.5.5.10 | An OID of a syntax. The combination of the attributeSyntax and oMSyntax properties determines the syntax of an attribute. |
oMSyntax | 4 | Syntax of this attribute as defined by the XAPIA XOM (X/Open Object Model) specification. |
isSingleValued | FALSE | TRUE means that the attribute has a single value, FALSE means that the attribute can have multiple values. |
rangeLower | 16 | Lower bounds of the value range for this attribute. |
rangeUpper | 16 | Upper bounds of the value range for this attribute. |
attributeSecurityGUID | -- not set -- | An optional GUID that identifies the attribute as a member of an attribute set(also known as a property set). |
showInAdvancedViewOnly | TRUE | TRUE means that the object will apear in the Advanced View of the Users and Computers snap-in only, but not in the Windows shell. FALSE means that the object will appear in Normal view of the Users and Computers snap-in and the Windows shell. |
systemFlags | 16 | An integer value that contains flags that define additional properties of this object. Category 1 classes or attributes have the 0x10 bit set by the system and cannot be set by users. They are shipped with Active Directory. For more information, see ADS_SYSETMFLAG_ENUM enumeration in ADSI Reference. |
systemOnly | FALSE | TRUE means that only Active Directory can modify the class of this object. FALSE means users can make the modification as well. |