3.1.6.11.6 User

  • Article

  1. A User ADM element instance MUST be created, and rDirectoryObject MUST be set to this new User ADM element instance.

  2. The attributes listed in iADMAttributeList MUST be set on rDirectoryObject, using the attribute names in iLDAPAttributeList and the corresponding values in iValues, according to the following table. If the value of the LDAP attribute required to compute the User ADM element attribute is empty in iValues, depending on the attribute, either a default value MUST be supplied, or that is an error condition.<17> If an error condition occurs, rStatus MUST be set to DirectoryOperationResult.GenericError, rDirectoryObject is undefined, and processing MUST end.

    User ADM element attribute

    Attribute value computation

    If not set, default value or error?

    Identifier

    GUID copied from objectGUID ([MS-ADA3] section 2.44).

    Error

    SecurityIdentifier

    SID copied from objectSid ([MS-ADA3] section 2.45).

    Error

    CertificateDigestList

    List of GUIDs copied from mSMQDigests ([MS-ADA2] section 2.554).

    Default value

    Certificates

    MQUSERSIGNCERTS ([MS-MQMQ] section 2.2.21) structure copied from mSMQSignCertificates ([MS-ADA2] section 2.587).

    Default value

    FullPath

    Distinguished name copied from distinguishedName ([MS-ADA1] section 2.177).

    Error

  3. rStatus MUST be set to DirectoryOperationResult.Success, and processing MUST end.