2.2.1.5.13 NETLOGON_DELTA_GROUP

The NETLOGON_DELTA_GROUP structure contains information about a SAM group account. This structure is used for replicating the group data from the PDC to a BDC, as detailed in section 3.6.

 typedef struct _NETLOGON_DELTA_GROUP {
   RPC_UNICODE_STRING Name;
   ULONG RelativeId;
   ULONG Attributes;
   RPC_UNICODE_STRING AdminComment;
   SECURITY_INFORMATION SecurityInformation;
   ULONG SecuritySize;
   [size_is(SecuritySize)] UCHAR* SecurityDescriptor;
   RPC_UNICODE_STRING DummyString1;
   RPC_UNICODE_STRING DummyString2;
   RPC_UNICODE_STRING DummyString3;
   RPC_UNICODE_STRING DummyString4;
   ULONG DummyLong1;
   ULONG DummyLong2;
   ULONG DummyLong3;
   ULONG DummyLong4;
 } NETLOGON_DELTA_GROUP,
  *PNETLOGON_DELTA_GROUP;

Name: A RPC_UNICODE_STRING structure that contains the group name.

RelativeId: The RID for the group.

Attributes: A set of bit flags that describe attributes of the SID. An attribute is true (or set) if its value is equal to 1. The value is constructed from one or more bit flags from the following table.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

C

B

A

Where the bits are defined as:

Value

Description

A

The SID cannot have the SE_GROUP_ENABLED attribute removed. Corresponds to the SID attribute SE_GROUP_MANDATORY. This attribute prevents the user from disabling the group. Disabling a group causes the group to be ignored by access validation routines.

B

The SID is enabled by default (as opposed to being enabled by an application). Corresponds to the SID attribute SE_GROUP_ENABLED_BY_DEFAULT.

C

The SID is enabled for access checks. Corresponds to the SID attribute SE_GROUP_ENABLED.

All other bits MUST be set to zero and MUST be ignored on receipt. For more information, see [MSDOCS-TokenGrp].

AdminComment: An RPC_UNICODE_STRING structure, as specified in [MS-DTYP] section 2.3.10, that contains an administrative comment for the group.

SecurityInformation: A SECURITY_INFORMATION structure, as specified in [MS-DTYP] section 2.4.7, that specifies portions of a security descriptor about the group.

SecuritySize: The size, in bytes, of the SecurityDescriptor field.

SecurityDescriptor: A pointer to a SECURITY_DESCRIPTOR structure, as specified in [MS-DTYP] section 2.4.6, that contains the security settings of the group object.

DummyString1: A STRING structure, defined in section 2.2.1.1.2, that MUST contain 0 for the Length field, 0 for the MaximumLength field, and NULL for the Buffer field. It is ignored upon receipt. The Netlogon usage of dummy fields is described in section 1.3.8.1.2.

DummyString2: See definition for DummyString1.

DummyString3: See definition for DummyString1.

DummyString4: See definition for DummyString1.

DummyLong1: MUST be set to zero and MUST be ignored on receipt. The Netlogon usage of dummy fields is described in section 1.3.8.1.2.

DummyLong2: See definition for DummyLong1.

DummyLong3: See definition for DummyLong1.

DummyLong4: See definition for DummyLong1.