In Active Directory there is something called linked attributes. They exist in pairs, consisting of a forward-link and a back-link. The linked attribute pair member, of Group objects, and memberOf, of User or Groups is an example. In this particular case member is the forward-link and memberOf is the back-link. Back-links are always calculated automatically …
Tag Archives: Active Directory
Creating users with passwords that do not meet complexity requirements
I am currently reading John Craddock and Salley Storey’s book Active Directory Forestry. It is a very good read, and I can recommend it highly. Anyway, I discovered something interesting. The book mentions some attributes of the RID Set object of Domain Controllers, specifically the rIDNextRID attribute of that object. rIDNextRID holds the value of …
Continue reading “Creating users with passwords that do not meet complexity requirements”
Difference betwen groups in the Builtin container and Domain Local groups
Group sAMAccountType groupType systemFlags isCriticalSystemObject —————————————————————————— Built-in 536870912 -2147483643 -1946157056 Yes DL 536870912 -2147483644 <Not Set> <Not Set>The groups in the Builtin container may look like ordinary Domain Local groups, but they are not. In Windows Server 2003 Active Directory they are listed as Builtin Local. These groups cannot be used on other machines in …
Continue reading “Difference betwen groups in the Builtin container and Domain Local groups”