DomainDNS
Windows NT domain with DNS-based (DC=) naming.
Columns
Name | Type | ReadOnly | References | DataFormat | Description |
Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
DN | String | True |
The full distinguished name. | ||
RDN | String | False |
The relative distinguished name. | ||
BaseDN | String | True |
The base distinguished name. | ||
CACertificate | String | False | DelimitedData |
Certificates of trusted Certification Authorities. | |
Dc | String | False | DelimitedData |
The naming attribute for Domain and DNS objects. Usually displayed as dc=DomainName. | |
InstanceType | String | False | DelimitedData |
A bitfield that dictates how the object is instantiated on a particular server. The value of this attribute can differ on different replicas even if the replicas are in sync. | |
NTSecurityDescriptor | String | False | DelimitedData |
The Windows NT security descriptor for the schema object. A security descriptor is a data structure that contains security information about an object, such as the ownership and permissions of the object. | |
ObjectCategory | String | False | DelimitedData |
An object class name used to group objects of this or derived classes. | |
ObjectClass | String | False | DelimitedData |
The list of classes from which this class is derived. | |
AdminDescription | String | False | DelimitedData |
The description displayed on admin screens. | |
AdminDisplayName | String | False | DelimitedData |
The name to be displayed on admin screens. | |
AllowedAttributes | String | False | DelimitedData |
Attributes that will be permitted to be assigned to a class. | |
AllowedAttributesEffective | String | False | DelimitedData |
A list of attributes that can be modified on the object. | |
AllowedChildClasses | String | False | DelimitedData |
Classes that can be contained by a class. | |
AllowedChildClassesEffective | String | False | DelimitedData |
A list of classes that can be modified. | |
AuditingPolicy | String | False | DelimitedData |
Auditing policy for the local policy. | |
BridgeheadServerListBL | String | False | DelimitedData |
The list of servers that are bridgeheads for replication. | |
BuiltinCreationTime | String | False | DelimitedData |
The Builtin-Creation-Time attribute is used to support replication to Windows NT 4.0 domains. | |
BuiltinModifiedCount | String | False | DelimitedData |
The Builtin-Modified-Count attribute is used to support replication to Windows NT 4.0 domains. | |
CanonicalName | String | False | DelimitedData |
The name of the object in canonical format. myserver2.fabrikam.com/users/jeffsmith is an example of a distinguished name in canonical format. This is a constructed attribute. The results returned are identical to those returned by the following Active Directory function: DsCrackNames(NULL, DS_NAME_FLAG_SYNTACTICAL_ONLY, DS_FQDN_1779_NAME, DS_CANONICAL_NAME, ...). | |
Cn | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
ControlAccessRights | String | False | DelimitedData |
Used by DS Security to determine which users can perform specific operations on the host object. | |
CreateTimeStamp | String | False | DelimitedData |
The date when this object was created. This value is replicated. | |
CreationTime | String | False | DelimitedData |
The date and time that the object was created. | |
DefaultLocalPolicyObject | String | False | DelimitedData |
A reference to a Policy object that defines the local policy for the host object. | |
Description | String | False | DelimitedData |
Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. | |
DesktopProfile | String | False | DelimitedData |
The location of the desktop profile for a user or group of users. Not used. | |
DisplayName | String | False | DelimitedData |
The display name for an object. This is usually the combination of the users first name, middle initial, and last name. | |
DisplayNamePrintable | String | False | DelimitedData |
The printable display name for an object. The printable display name is usually the combination of the user's first name, middle initial, and last name. | |
DomainPolicyObject | String | False | DelimitedData |
Reference to the policy object that defines the Local Security Authority policy for the host domain. | |
DSASignature | String | False | DelimitedData |
The DSA-Signature of an object is the Invocation-ID of the last directory to modify the object. | |
DSCorePropagationData | String | False | DelimitedData |
The DS-Core-Propagation-Data attribute is for internal use only. | |
EFSPolicy | String | False | DelimitedData |
The Encrypting File System Policy. | |
ExtensionName | String | False | DelimitedData |
The name of a property page used to extend the UI of a directory object. | |
Flags | String | False | DelimitedData |
To be used by the object to store bit information. | |
FromEntry | String | False | DelimitedData |
This is a constructed attribute that is TRUE if the object is writable and FALSE if it is read-only, for example, a GC replica instance. | |
FrsComputerReferenceBL | String | False | DelimitedData |
Reference to replica sets to which this computer belongs. | |
FRSMemberReferenceBL | String | False | DelimitedData |
Reference to subscriber objects for this member. | |
FSMORoleOwner | String | False | DelimitedData |
Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. | |
GPLink | String | False | DelimitedData |
A sorted list of Group Policy options. Each option is a DWORD. Use of the UNICODE string is a convenience. | |
GPOptions | String | False | DelimitedData |
Options that affect all group policies associated with the object hosting this property. | |
IsCriticalSystemObject | String | False | DelimitedData |
If TRUE, the object hosting this attribute must be replicated during installation of a new replica. | |
IsDeleted | String | False | DelimitedData |
If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system. | |
MemberOf | String | False | DelimitedData |
The distinguished name of the groups to which this object belongs. | |
IsPrivilegeHolder | String | False | DelimitedData |
Backward link to privileges held by a given principal. | |
LastKnownParent | String | False | DelimitedData |
The Distinguished Name (DN) of the last known parent of an orphaned object. | |
LockoutDuration | String | False | DelimitedData |
The amount of time that an account is locked due to the Lockout-Threshold being exceeded. This value is stored as a large integer that represents the negative of the number of 100-nanosecond intervals from the time the Lockout-Threshold is exceeded that must elapse before the account is unlocked. | |
LockOutObservationWindow | String | False | DelimitedData |
The range of time, in 100-nanosecond intervals, in which the system increments the incorrect logon count. | |
LockoutThreshold | String | False | DelimitedData |
The number of invalid logon attempts that are permitted before the account is locked out. | |
LSACreationTime | String | False | DelimitedData |
The LSA-Creation-Time attribute is used to support replication to Windows NT 4.0 domains. | |
LSAModifiedCount | String | False | DelimitedData |
The LSA-Modified-Count attribute is used to support replication to Windows NT 4.0 domains. | |
ManagedBy | String | False | DelimitedData |
The distinguished name of the user that is assigned to manage this object. | |
ManagedObjects | String | False | DelimitedData |
Contains the list of objects that are managed by the user. The objects listed are those that have the property managedBy property set to this user. Each item in the list is a linked reference to the managed object. | |
MasteredBy | String | False | DelimitedData |
Backward link for Has-Master-NCs attribute. The distinguished name for its NTDS Settings objects. | |
MaxPwdAge | String | False | DelimitedData |
The maximum amount of time, in 100-nanosecond intervals, a password is valid. This value is stored as a large integer that represents the number of 100-nanosecond intervals from the time the password was set before the password expires. | |
MinPwdAge | String | False | DelimitedData |
The minimum amount of time, in 100-nanosecond intervals, that a password is valid. | |
MinPwdLength | String | False | DelimitedData |
The minimum number of characters that a password must contain. | |
ModifiedCountAtLastProm | String | False | DelimitedData |
The Net Logon Change Log serial number at last promotion. | |
ModifyTimeStamp | String | False | DelimitedData |
A computed attribute that represents the date when this object was last changed. This value is not replicated. | |
MS-DS-ConsistencyChildCount | String | False | DelimitedData |
This attribute is used to check consistency between the directory and another object, database, or application, by comparing a count of child objects. | |
MS-DS-ConsistencyGuid | String | False | DelimitedData |
This attribute is used to check consistency between the directory and another object, database, or application, by comparing GUIDs. | |
Ms-DS-MachineAccountQuota | String | False | DelimitedData |
The number of computer accounts that a user is allowed to create in a domain. | |
NETBIOSName | String | False | DelimitedData |
The name of the object to be used over NetBIOS. | |
NetbootSCPBL | String | False | DelimitedData |
A list of service connection points that reference this NetBoot server. | |
NextRid | String | False | DelimitedData |
The Next Rid field used by the mixed mode allocator. | |
NonSecurityMemberBL | String | False | DelimitedData |
List of nonsecurity-members for an Exchange distribution list. | |
NTMixedDomain | String | False | DelimitedData |
Indicates that the domain is in native mode or mixed mode. This attribute is found in the domainDNS (head) object for the domain. | |
DistinguishedName | String | False | DelimitedData |
Same as the Distinguished Name for an object. Used by Exchange. | |
ObjectGUID | String | False | DelimitedData |
The unique identifier for an object. | |
ObjectVersion | String | False | DelimitedData |
This can be used to store a version number for the object. | |
OtherWellKnownObjects | String | False | DelimitedData |
Contains a list of containers by GUID and Distinguished Name. This permits retrieving an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name. | |
PartialAttributeDeletionList | String | False | DelimitedData |
Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Used when the GC is in the process of removing attributes from the objects in its partial replica NCs. | |
PartialAttributeSet | String | False | DelimitedData |
Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Defines the set of attributes present on a particular partial replica NC. | |
PekKeyChangeInterval | String | False | DelimitedData |
Password encryption key change interval. | |
PekList | String | False | DelimitedData |
List of password encryption keys. | |
PossibleInferiors | String | False | DelimitedData |
The list of objects that this object can contain. | |
PrivateKey | String | False | DelimitedData |
An encrypted private key. | |
ProxiedObjectName | String | False | DelimitedData |
This attribute is used internally by Active Directory to help track interdomain moves. | |
ProxyAddresses | String | False | DelimitedData |
A proxy address is the address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system. Proxy addresses are required for all recipient objects, such as custom recipients and distribution lists. | |
PwdHistoryLength | String | False | DelimitedData |
The number of old passwords to save. | |
PwdProperties | String | False | DelimitedData |
Password Properties. Part of Domain Policy. A bitfield to indicate complexity and storage restrictions. | |
QueryPolicyBL | String | False | DelimitedData |
List of all objects holding references to a given Query-Policy. | |
Name | String | False | DelimitedData |
The Relative Distinguished Name (RDN) of an object. An RDN is the relative portion of a distinguished name (DN), which uniquely identifies an LDAP object. | |
ReplicaSource | String | False | DelimitedData |
This attribute contains the GUID of a replication source. | |
ReplPropertyMetaData | String | False | DelimitedData |
Tracks internal replication state information for DS objects. Information here can be extracted in public form through the public API DsReplicaGetInfo(). Present on all DS objects. | |
ReplUpToDateVector | String | False | DelimitedData |
Tracks internal replication state information for an entire NC. Information here can be extracted in public form through the API DsReplicaGetInfo(). Present on all NC root objects. | |
DirectReports | String | False | DelimitedData |
Contains the list of users that directly report to the user. The users listed as reports are those that have the property manager property set to this user. Each item in the list is a linked reference to the object that represents the user. | |
RepsFrom | String | False | DelimitedData |
Lists the servers from which the directory will accept changes for the defined naming context. | |
RepsTo | String | False | DelimitedData |
Lists the servers that the directory will notify of changes and servers to which the directory will send changes on Request for the defined naming context. | |
Revision | String | False | DelimitedData |
The revision level for a security descriptor or other change. Only used in the sam-server and ds-ui-settings objects. | |
RIDManagerReference | String | False | DelimitedData |
The Distinguished Name for the RID Manager of an object. | |
SDRightsEffective | String | False | DelimitedData |
This constructed attribute returns a single DWORD value that can have up to three bits set: | |
ServerReferenceBL | String | False | DelimitedData |
Found in the domain naming context. The distinguished name of a computer under the sites folder. | |
ShowInAdvancedViewOnly | String | False | DelimitedData |
TRUE if this attribute is to be visible in the Advanced mode of the UI. | |
SiteObjectBL | String | False | DelimitedData |
The list of distinguished names for subnets that belong to this site. | |
SubRefs | String | False | DelimitedData |
List of subordinate references of a Naming Context. | |
SubSchemaSubEntry | String | False | DelimitedData |
The distinguished name for the location of the subschema object where a class or attribute is defined. | |
SystemFlags | String | False | DelimitedData |
An integer value that contains flags that define additional properties of the class. See Remarks. | |
TreeName | String | False | DelimitedData |
DNS name of the domain at the root of a tree. | |
USNChanged | String | False | DelimitedData |
The update sequence number (USN) assigned by the local directory for the latest change, including creation. See also , USN-Created. | |
USNCreated | String | False | DelimitedData |
The update sequence number (USN) assigned at object creation. See also, USN-Changed. | |
USNDSALastObjRemoved | String | False | DelimitedData |
Contains the update sequence number (USN) for the last system object that was removed from a server. | |
USNIntersite | String | False | DelimitedData |
The update sequence number (USN) for inter-site replication. | |
USNLastObjRem | String | False | DelimitedData |
Contains the update sequence number (USN) for the last non-system object that was removed from a server. | |
USNSource | String | False | DelimitedData |
Value of the USN-Changed attribute of the object from the remote directory that replicated the change to the local server. | |
WbemPath | String | False | DelimitedData |
References to objects in other ADSI namespaces. | |
WellKnownObjects | String | False | DelimitedData |
This attribute contains a list of well-known object containers by GUID and distinguished name. The well-known objects are system containers. This information is used to retrieve an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name portion of the Well-Known-Objects values that referred to the object. The file Ntdsapi.h contains the following definitions, which can be used to retrieve an object (the GUIDs that are associated to these objects are contained in Ntdsapi.h): | |
WhenChanged | String | False | DelimitedData |
The date when this object was last changed. This value is not replicated and exists in the global catalog. | |
WhenCreated | String | False | DelimitedData |
The date when this object was created. This value is replicated and is in the global catalog. | |
WWWHomePage | String | False | DelimitedData |
A web page that is the primary landing page of a website. | |
Url | String | False | DelimitedData |
A list of alternate webpages. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |