Specifies the user's security identifier.
Attribute property | Value | Description |
---|---|---|
adminDisplayName | Object-Sid | Display name of this object for use in directory service administrative tools. |
adminDescription | Object-Sid | Description of this object for use in directory service administrative tools. |
cn | Object-Sid | Common name. |
lDAPDisplayName | objectSid | The name used by LDAP clients to refer to the object's class. |
attributeID | 1.2.840.113556.1.4.146 | A unique OID that identifies the attribute. |
objectClass | Attribute-Schema | The class of which this object is an instance. |
objectCategory | Attribute-Schema | Reference to an object class or one of its superclasses, which is used when searching for this object. |
schemaIDGUID | {BF9679E8-0DE6-11D0-A285-00AA003049E2} | A GUID that uniquely identifies this object. You can use this string value in an ACE to control access to objects of this object. |
attributeSyntax | 2.5.5.17 | An OID of a syntax. The combination of the attributeSyntax and oMSyntax properties determines the syntax of an attribute. |
oMSyntax | 4 | Syntax of this attribute as defined by the XAPIA XOM (X/Open Object Model) specification. |
isSingleValued | TRUE | TRUE means that the attribute has a single value, FALSE means that the attribute can have multiple values. |
mAPIID | 32807 | An integer by which MAPI clients identify this attribute. |
rangeUpper | 28 | Upper bounds of the value range for this attribute. |
attributeSecurityGUID | {59BA2F42-79A2-11D0-9020-00C04FC2D3CF} | An optional GUID that identifies the attribute as a member of an attribute set (also known as a property set). |
isMemberOfPartialAttributeSet | TRUE | TRUE means that the attribute is replicated to the global catalog. FALSE means that the attribute is not included in the global catalog. |
searchFlags | 9 | An integer value whose least significant bit indicates whether the attribute is indexed. The four bit flags in this value are: 1 = Index over attribute only; 2 = Index over container and attribute; 4 = Add this attribute to the Ambiguous Name Resolution set, used together with 0x0001; 8 = Preserve this attribute in the tombstone object for deleted objects. |
showInAdvancedViewOnly | TRUE | TRUE means that the object will appear in the Advanced View of the Users and Computers snap-in only, but not in the Windows shell. FALSE means that the object will appear in Normal view of the Users and Computers snap-in and the Windows shell. |
systemFlags | 18 | An integer value that contains flags that define additional properties of this object. Category 1 classes or attributes have the 0x10 bit set by the system and cannot be set by users. They are shipped with Active Directory. For more information, see ADS_SYSTEMFLAG_ENUM enumeration in ADSI Reference. |
systemOnly | FALSE | TRUE means that only Active Directory can modify the class of this object. FALSE means users can make the modification as well. |
Remarks | The security identifier (SID) is a unique value that identifies the user as a security principal. It is a binary value that is set by the system when the user is created. Each user has a unique SID issued by a Windows® 2000 domain and stored in the objectSid property of the user object in the directory. Each time a user logs on, the system retrieves the user's SID from the directory and places it in the user's access token. The user's SID is also used to retrieve the SIDs for the groups in which the user is a member and place them in the user's access token. The system uses the SIDs in the user's access token to identify the user and the user's group memberships in all subsequent interactions with Windows NT® security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. |
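
As an added example (not part of the original reference), the following Python decodes the binary objectSid value that a directory query returns into its string form and splits off the RID, enforcing the 28-byte rangeUpper from the table. The function names and the sample SID bytes are constructed for illustration, and the byte layout used (revision, sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities) is the standard SID structure, which this page does not spell out.

```python
import struct

RANGE_UPPER = 28  # rangeUpper in the table: 8-byte header + 5 sub-authorities


def parse_sid(raw: bytes):
    """Return (revision, authority, sub_authorities) from a binary objectSid."""
    if not 8 <= len(raw) <= RANGE_UPPER:
        raise ValueError(f"objectSid must be 8..{RANGE_UPPER} bytes, got {len(raw)}")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit, little-endian
    return revision, authority, subs


def sid_to_string(raw: bytes) -> str:
    """Format a binary objectSid as S-<revision>-<authority>-<sub>-..."""
    revision, authority, subs = parse_sid(raw)
    # Authorities of 2**32 or more are written in hex in the string form.
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth, *map(str, subs)])


def domain_and_rid(raw: bytes):
    """Split a domain account SID into (domain SID string, RID)."""
    revision, authority, subs = parse_sid(raw)
    if len(subs) < 2 or authority != 5 or subs[0] != 21:
        raise ValueError("not a domain-issued (S-1-5-21-...) SID")
    # Rebuild the domain SID: same bytes minus the last sub-authority.
    domain_raw = bytes([revision, len(subs) - 1]) + raw[2:-4]
    return sid_to_string(domain_raw), subs[-1]


# Constructed sample value, not taken from a real directory.
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1004336348, 1177238915, 682003330, 1105)

if __name__ == "__main__":
    print(sid_to_string(SAMPLE_SID))
    print(domain_and_rid(SAMPLE_SID))
```

Rejecting values whose length disagrees with the sub-authority count keeps a truncated or padded attribute value from being silently rendered as a different principal in logs or access reviews.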