Organizational-Unit class

A container for storing users, computers, and other account objects.

Entry Value
CN Organizational-Unit
Ldap-Display-Name organizationalUnit
Update Privilege Anyone may update this object.
Update Frequency -
Schema-Id-Guid bf967aa5-0de6-11d0-a285-00aa003049e2

Implementations

Windows 2000 Server

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganization
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2003

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
System-Flags 0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False Organizational-Unit
ms-DS-Approx-Immed-Subordinates False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
Generate-RSoP-Planning
Generate-RSoP-Logging

ADAM

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:S:
System-Flags 0x00000010

ADAM Attributes

This class contains the following attributes for ADAM:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Facsimile-Telephone-Number False Organizational-Unit
From-Entry False Top
FSMO-Role-Owner False Top
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-DS-Approx-Immed-Subordinates False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Disable-For-Instances-BL False Top
ms-DS-Mastered-By False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Service-Account-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2003 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
System-Flags 0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False Organizational-Unit
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
Generate-RSoP-Planning
Generate-RSoP-Logging

Windows Server 2008

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
System-Flags 0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False Organizational-Unit
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
Generate-RSoP-Planning
Generate-RSoP-Logging

Windows Server 2008 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
System-Flags 0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False Organizational-Unit
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature-BL False Top
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
Generate-RSoP-Planning
Generate-RSoP-Logging

Windows Server 2012

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 2.5.6.5
Default-Hiding-Value 0
Rdn-Att-Id Organizational-Unit-Name
Subclass of Top
Possible Superiors Domain-DNSOrganizational-UnitOrganizationCountry
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Bridgehead-Server-List-BL False Top
Business-Category False Organizational-Unit
Canonical-Name False Top
Common-Name False Top
Country-Code False Organizational-Unit
Country-Name False Organizational-Unit
Create-Time-Stamp False Top
Default-Group False Organizational-Unit
Description False Top
Desktop-Profile False Organizational-Unit
Destination-Indicator False Organizational-Unit
Display-Name False Top
Display-Name-Printable False Top
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Unit
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
GP-Link False Organizational-Unit
GP-Options False Organizational-Unit
Instance-Type True Top
International-ISDN-Number False Organizational-Unit
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
Last-Known-Parent False Top
Locality-Name False Organizational-Unit
Logo False Organizational-Unit
Managed-By False Organizational-Unit
Managed-Objects False Top
Mastered-By False Top
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False Organizational-Unit
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
ms-DS-Enabled-Feature-BL False Top
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Known-RDN False Top
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-Owner-BL False Top
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Non-Security-Member-BL False Top
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Organizational-Unit-Name True Organizational-Unit
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Physical-Delivery-Office-Name False Organizational-Unit
Possible-Inferiors False Top
Postal-Address False Organizational-Unit
Postal-Code False Organizational-Unit
Post-Office-Box False Organizational-Unit
Preferred-Delivery-Method False Organizational-Unit
Proxied-Object-Name False Top
Proxy-Addresses False Top
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Unit
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
SD-Rights-Effective False Top
Search-Guide False Organizational-Unit
See-Also False Organizational-Unit
Server-Reference-BL False Top
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Unit
Street-Address False Organizational-Unit
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
System-Flags False Top
Telephone-Number False Organizational-Unit
Teletex-Terminal-Identifier False Organizational-Unit
Telex-Number False Organizational-Unit
Text-Country False Organizational-Unit
UPN-Suffixes False Organizational-Unit
User-Password False Organizational-Unit
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Unit

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Common Name
Generate-RSoP-Planning
Generate-RSoP-Logging