Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » User Attribute SecurityIdentifier free to use?
User Attribute SecurityIdentifier free to use? [message #159590] Sat, 01 August 2009 05:07 Go to next message
slazzen  is currently offline slazzen
Messages: 3
Registered: August 2009
Junior Member
Hi

I wonder if i can use the user attribute SecurityIdentifier to store some
application specifik SID data? Is it used for any internal AD stuff, or is
it free to use? The only info i can get in it is on MSDN:
http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does not
tell whether there is any limitations of using this attribute.

I am well aware of the workings of the normal SID attribute (objectSid), and
I know that this is not to be tampered with.

Any info appreciated

Best regards

Søren
RE: User Attribute SecurityIdentifier free to use? [message #159593 is a reply to message #159590] Sat, 01 August 2009 08:28 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi Soren

I take it you mean the SID attribute, if so, no, you cannot modify this
field, AD controlls the GUID & SID fields. When we migrate, we populate the
SID History attribute, not the SID attrib itself. The SID and GUID never
change through an objects lifetime

Am I on the right boat with my understanding?

Regards
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Søren Egtved Lassen" wrote:

> Hi
>
> I wonder if i can use the user attribute SecurityIdentifier to store some
> application specifik SID data? Is it used for any internal AD stuff, or is
> it free to use? The only info i can get in it is on MSDN:
> http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does not
> tell whether there is any limitations of using this attribute.
>
> I am well aware of the workings of the normal SID attribute (objectSid), and
> I know that this is not to be tampered with.
>
> Any info appreciated
>
> Best regards
>
> Sren
>
Re: User Attribute SecurityIdentifier free to use? [message #159597 is a reply to message #159590] Sat, 01 August 2009 11:35 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Sren Egtved Lassen" <slazzen@spamawayhotmail.com> wrote in message
news:844FD108-0852-4287-9E99-AD1139F1D0CA@microsoft.com...
> Hi
>
> I wonder if i can use the user attribute SecurityIdentifier to store some
> application specifik SID data? Is it used for any internal AD stuff, or is
> it free to use? The only info i can get in it is on MSDN:
> http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does
> not tell whether there is any limitations of using this attribute.
>
> I am well aware of the workings of the normal SID attribute (objectSid),
> and I know that this is not to be tampered with.
>
> Any info appreciated
>
> Best regards
>
> Sren

The objectSID attribute is used by the system and cannot be altered.
However, the securityIndentifier attribute, which has the same syntax,
appears to be available. Note that the link has nothing listed for "Update
Privilege", unlike the similar link for objectSID which states "The value is
set by the system". Also, this attribute is optional. I can find no
documentation on the use of this attribute. Also, I checked two domains I
have access to and neither had any objects where this attribute has a value
assigned. Unless someone else knows better, I would say it is available for
your use.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: User Attribute SecurityIdentifier free to use? [message #159601 is a reply to message #159593] Sat, 01 August 2009 13:39 Go to previous messageGo to next message
slazzen  is currently offline slazzen
Messages: 3
Registered: August 2009
Junior Member
Well, not quite the right boat I assume :-)
I am well aware of the GUID and SID stuff, but there is actually another
user property called SecurityIdentifier of the same data type as the normal
SID attribute that I want to use for application usage, as it seems that
this attribute is not used for anything internally in AD. I don't want to
use SidHistory.

Thanks anyway
Søren


If you read other reply's
"Garry Starck-MCITP Enterprise Admin"
<vjsparx@REMOVE_CAPS_INVALIDhotmail.com> wrote in message
news:81205AE8-5D5E-4FED-AD7B-20A3BD26E930@microsoft.com...
> Hi Soren
>
> I take it you mean the SID attribute, if so, no, you cannot modify this
> field, AD controlls the GUID & SID fields. When we migrate, we populate
> the
> SID History attribute, not the SID attrib itself. The SID and GUID never
> change through an objects lifetime
>
> Am I on the right boat with my understanding?
>
> Regards
> --
> Garry Starck
> MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA
>
>
> "Søren Egtved Lassen" wrote:
>
>> Hi
>>
>> I wonder if i can use the user attribute SecurityIdentifier to store some
>> application specifik SID data? Is it used for any internal AD stuff, or
>> is
>> it free to use? The only info i can get in it is on MSDN:
>> http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does
>> not
>> tell whether there is any limitations of using this attribute.
>>
>> I am well aware of the workings of the normal SID attribute (objectSid),
>> and
>> I know that this is not to be tampered with.
>>
>> Any info appreciated
>>
>> Best regards
>>
>> Sren
>>
Re: User Attribute SecurityIdentifier free to use? [message #159602 is a reply to message #159597] Sat, 01 August 2009 13:42 Go to previous message
slazzen  is currently offline slazzen
Messages: 3
Registered: August 2009
Junior Member
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:urn$j6sEKHA.1248@TK2MSFTNGP04.phx.gbl...
>
> "Søren Egtved Lassen" <slazzen@spamawayhotmail.com> wrote in message
> news:844FD108-0852-4287-9E99-AD1139F1D0CA@microsoft.com...
>> Hi
>>
>> I wonder if i can use the user attribute SecurityIdentifier to store some
>> application specifik SID data? Is it used for any internal AD stuff, or
>> is it free to use? The only info i can get in it is on MSDN:
>> http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does
>> not tell whether there is any limitations of using this attribute.
>>
>> I am well aware of the workings of the normal SID attribute (objectSid),
>> and I know that this is not to be tampered with.
>>
>> Any info appreciated
>>
>> Best regards
>>
>> Søren
>
> The objectSID attribute is used by the system and cannot be altered.
> However, the securityIndentifier attribute, which has the same syntax,
> appears to be available. Note that the link has nothing listed for "Update
> Privilege", unlike the similar link for objectSID which states "The value
> is set by the system". Also, this attribute is optional. I can find no
> documentation on the use of this attribute. Also, I checked two domains I
> have access to and neither had any objects where this attribute has a
> value assigned. Unless someone else knows better, I would say it is
> available for your use.

Hi Richard

I've made the same conclusions as you.

Best regards
Søren
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
Previous Topic:CAN I RENAME ADMINISTRATOR DOMAIN ACCOUNT
Next Topic:2 domains on the same subnet
Goto Forum:
  


Current Time: Thu Jan 18 20:48:56 MST 2018

Total time taken to generate the page: 0.04023 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software