Group_Membership
Stores a list of user names. Used to apply security principals on resources. This view returns one row for each Member of the Group.
Columns
| Name | Type | References | Description |
| Id [KEY] | String | Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | |
| DN | String | The full distinguished name. | |
| RDN | String | The relative distinguished name. | |
| BaseDN | String | The base distinguished name. | |
| GroupType | String | Contains a set of flags that define the type and scope of a group object. For the possible values for this attribute, see Remarks. | |
| InstanceType | String | A bitfield that dictates how the object is instantiated on a particular server. The value of this attribute can differ on different replicas even if the replicas are in sync. | |
| NTSecurityDescriptor | String | The Windows NT security descriptor for the schema object. A security descriptor is a data structure that contains security information about an object, such as the ownership and permissions of the object. | |
| ObjectCategory | String | An object class name used to group objects of this or derived classes. | |
| ObjectClass | String | The list of classes from which this class is derived. | |
| SAMAccountName | String | The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. | |
| AccountNameHistory | String | The length of time that the account has been active. | |
| AdminCount | String | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). | |
| AdminDescription | String | The description displayed on admin screens. | |
| AdminDisplayName | String | The name to be displayed on admin screens. | |
| AllowedAttributes | String | Attributes that will be permitted to be assigned to a class. | |
| AllowedAttributesEffective | String | A list of attributes that can be modified on the object. | |
| AllowedChildClasses | String | Classes that can be contained by a class. | |
| AllowedChildClassesEffective | String | A list of classes that can be modified. | |
| AltSecurityIdentities | String | Contains mappings for X.509 certificates or external Kerberos user accounts to this user for the purpose of authentication. | |
| BridgeheadServerListBL | String | The list of servers that are bridgeheads for replication. | |
| CanonicalName | String | The name of the object in canonical format. myserver2.fabrikam.com/users/jeffsmith is an example of a distinguished name in canonical format. This is a constructed attribute. The results returned are identical to those returned by the following Active Directory function: DsCrackNames(NULL, DS_NAME_FLAG_SYNTACTICAL_ONLY, DS_FQDN_1779_NAME, DS_CANONICAL_NAME, ...). | |
| Info | String | The user's comments. This string can be a null string. | |
| Cn | String | The name that represents an object. Used to perform searches. | |
| ControlAccessRights | String | Used by DS Security to determine which users can perform specific operations on the host object. | |
| CreateTimeStamp | String | The date when this object was created. This value is replicated. | |
| Description | String | Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. | |
| DesktopProfile | String | The location of the desktop profile for a user or group of users. Not used. | |
| DisplayName | String | The display name for an object. This is usually the combination of the users first name, middle initial, and last name. | |
| DisplayNamePrintable | String | The printable display name for an object. The printable display name is usually the combination of the user's first name, middle initial, and last name. | |
| DSASignature | String | The DSA-Signature of an object is the Invocation-ID of the last directory to modify the object. | |
| DSCorePropagationData | String | The DS-Core-Propagation-Data attribute is for internal use only. | |
| String | The list of email addresses for a contact. | ||
| ExtensionName | String | The name of a property page used to extend the UI of a directory object. | |
| Flags | String | To be used by the object to store bit information. | |
| FromEntry | String | This is a constructed attribute that is TRUE if the object is writable and FALSE if it is read-only, for example, a GC replica instance. | |
| FrsComputerReferenceBL | String | Reference to replica sets to which this computer belongs. | |
| FRSMemberReferenceBL | String | Reference to subscriber objects for this member. | |
| FSMORoleOwner | String | Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. | |
| GarbageCollPeriod | String | This attribute is located on the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,... object. It represents the time, in hours, between DS garbage collection runs. | |
| GroupAttributes | String | The Group-Attributes attribute is not currently used. | |
| GroupMembershipSAM | String | Windows NT Security. Down level Windows NT support. | |
| IsCriticalSystemObject | String | If TRUE, the object hosting this attribute must be replicated during installation of a new replica. | |
| IsDeleted | String | If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system. | |
| MemberOf | String | The distinguished name of the groups to which this object belongs. | |
| IsPrivilegeHolder | String | Backward link to privileges held by a given principal. | |
| LastKnownParent | String | The Distinguished Name (DN) of the last known parent of an orphaned object. | |
| LegacyExchangeDN | String | The distinguished name previously used by Exchange. | |
| ManagedBy | String | The distinguished name of the user that is assigned to manage this object. | |
| ManagedObjects | String | Contains the list of objects that are managed by the user. The objects listed are those that have the property managedBy property set to this user. Each item in the list is a linked reference to the managed object. | |
| MasteredBy | String | Backward link for Has-Master-NCs attribute. The distinguished name for its NTDS Settings objects. | |
| Member | String | The list of users that belong to the group. | |
| ModifyTimeStamp | String | A computed attribute that represents the date when this object was last changed. This value is not replicated. | |
| MS-DS-ConsistencyChildCount | String | This attribute is used to check consistency between the directory and another object, database, or application, by comparing a count of child objects. | |
| MS-DS-ConsistencyGuid | String | This attribute is used to check consistency between the directory and another object, database, or application, by comparing GUIDs. | |
| NetbootSCPBL | String | A list of service connection points that reference this NetBoot server. | |
| NonSecurityMember | String | Nonsecurity members of a group. Used for Exchange distribution lists. | |
| NonSecurityMemberBL | String | List of nonsecurity-members for an Exchange distribution list. | |
| NTGroupMembers | String | This attribute is not used. | |
| DistinguishedName | String | Same as the Distinguished Name for an object. Used by Exchange. | |
| ObjectGUID | String | The unique identifier for an object. | |
| ObjectSid | String | A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal. | |
| ObjectVersion | String | This can be used to store a version number for the object. | |
| OperatorCount | String | Operator count. | |
| OtherWellKnownObjects | String | Contains a list of containers by GUID and Distinguished Name. This permits retrieving an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name. | |
| PartialAttributeDeletionList | String | Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Used when the GC is in the process of removing attributes from the objects in its partial replica NCs. | |
| PartialAttributeSet | String | Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Defines the set of attributes present on a particular partial replica NC. | |
| PossibleInferiors | String | The list of objects that this object can contain. | |
| PrimaryGroupToken | String | A computed attribute that is used in retrieving the membership list of a group, such as Domain Users. The complete membership of such groups is not stored explicitly for scaling reasons. | |
| ProxiedObjectName | String | This attribute is used internally by Active Directory to help track interdomain moves. | |
| ProxyAddresses | String | A proxy address is the address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system. Proxy addresses are required for all recipient objects, such as custom recipients and distribution lists. | |
| QueryPolicyBL | String | List of all objects holding references to a given Query-Policy. | |
| Name | String | The Relative Distinguished Name (RDN) of an object. An RDN is the relative portion of a distinguished name (DN), which uniquely identifies an LDAP object. | |
| ReplPropertyMetaData | String | Tracks internal replication state information for DS objects. Information here can be extracted in public form through the public API DsReplicaGetInfo(). Present on all DS objects. | |
| ReplUpToDateVector | String | Tracks internal replication state information for an entire NC. Information here can be extracted in public form through the API DsReplicaGetInfo(). Present on all NC root objects. | |
| DirectReports | String | Contains the list of users that directly report to the user. The users listed as reports are those that have the property manager property set to this user. Each item in the list is a linked reference to the object that represents the user. | |
| RepsFrom | String | Lists the servers from which the directory will accept changes for the defined naming context. | |
| RepsTo | String | Lists the servers that the directory will notify of changes and servers to which the directory will send changes on Request for the defined naming context. | |
| Revision | String | The revision level for a security descriptor or other change. Only used in the sam-server and ds-ui-settings objects. | |
| Rid | String | The relative Identifier of an object. | |
| SAMAccountType | String | This attribute contains information about every account type object. You can enumerate a list of account types or you can use the Display Information API to create a list. Because computers, normal user accounts, and trust accounts can also be enumerated as user objects, the values for these accounts must be a contiguous range. | |
| SDRightsEffective | String | This constructed attribute returns a single DWORD value that can have up to three bits set: | |
| SecurityIdentifier | String | A unique value of variable length used to identify a user account, group account, or logon session to which an ACE applies. | |
| ServerReferenceBL | String | Found in the domain naming context. The distinguished name of a computer under the sites folder. | |
| ShowInAddressBook | String | This attribute is used to indicate in which MAPI address books an object will appear. It is usually maintained by the Exchange Recipient Update Service. | |
| ShowInAdvancedViewOnly | String | TRUE if this attribute is to be visible in the Advanced mode of the UI. | |
| SIDHistory | String | Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. | |
| SiteObjectBL | String | The list of distinguished names for subnets that belong to this site. | |
| SubRefs | String | List of subordinate references of a Naming Context. | |
| SubSchemaSubEntry | String | The distinguished name for the location of the subschema object where a class or attribute is defined. | |
| SupplementalCredentials | String | Stored credentials for use in authenticating. The encrypted version of the user's password. This attribute is neither readable nor writable. | |
| SystemFlags | String | An integer value that contains flags that define additional properties of the class. See Remarks. | |
| TelephoneNumber | String | The primary telephone number. | |
| TextEncodedORAddress | String | This attribute is used to support X.400 addresses in a text format. | |
| UserCert | String | Nortel v1 or DMS certificates. | |
| UserSMIMECertificate | String | Certificate distribution object or tagged certificates. | |
| USNChanged | String | The update sequence number (USN) assigned by the local directory for the latest change, including creation. See also , USN-Created. | |
| USNCreated | String | The update sequence number (USN) assigned at object creation. See also, USN-Changed. | |
| USNDSALastObjRemoved | String | Contains the update sequence number (USN) for the last system object that was removed from a server. | |
| USNIntersite | String | The update sequence number (USN) for inter-site replication. | |
| USNLastObjRem | String | Contains the update sequence number (USN) for the last non-system object that was removed from a server. | |
| USNSource | String | Value of the USN-Changed attribute of the object from the remote directory that replicated the change to the local server. | |
| WbemPath | String | References to objects in other ADSI namespaces. | |
| WellKnownObjects | String | This attribute contains a list of well-known object containers by GUID and distinguished name. The well-known objects are system containers. This information is used to retrieve an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name portion of the Well-Known-Objects values that referred to the object. The file Ntdsapi.h contains the following definitions, which can be used to retrieve an object (the GUIDs that are associated to these objects are contained in Ntdsapi.h): | |
| WhenChanged | String | The date when this object was last changed. This value is not replicated and exists in the global catalog. | |
| WhenCreated | String | The date when this object was created. This value is replicated and is in the global catalog. | |
| WWWHomePage | String | A web page that is the primary landing page of a website. | |
| Url | String | A list of alternate webpages. | |
| UserCertificate | String | Contains the DER-encoded X.509v3 certificates issued to the user. Note that this property contains the public key certificates issued to this user by Microsoft Certificate Service. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description | |
| Filter | String | Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |