RE: [ActiveDir] Enterprise Domain Controllers

Wed, 24 Aug 2005 06:02:25 -0700 

It isn't an actual group. 

It is a Well-Known security principal (SID=S-1-5-9) like Authenticated Users
or Everyone or Terminal Server User. You don't have the ability to look at
the membership, let alone modify it. When a token for a domain controller is
built, the SID is simply added to it. 

It is represented in the directory as a foreignSecurityPrincipal so it can
be added to groups and ACEs like Everyone is. As Tom indicated, it is
maintained in the Wellknown Security Principals container of the
configuration partition with other Well Known Security Principals. 

Here is a quick listing of all the FSPs listed in that container

Anonymous Logon
Authenticated Users
Batch
Creator Group
Creator Owner
Dialup
Digest Authentication
Enterprise Domain Controllers
Everyone
Interactive
Local Service
Network
Network Service
NTLM Authentication
Other Organization
Proxy
Remote Interactive Logon
Restricted
SChannel Authentication
Self
Service
Terminal Server User
This Organization
Well-Known-Security-Id-System
WellKnown Security Principals


    joe



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad
Sent: Wednesday, August 24, 2005 5:17 AM
To: [email protected]
Subject: [ActiveDir] Enterprise Domain Controllers

Hey All,

Can anyone tell me where this group is stored?  It isn't in the directory,
and it isn't a local group...any ideas on how to check it's membership list
is correct?

TIA,


Brad


This email and any attached files are confidential and copyright protected.
If you are not the addressee, any dissemination of this communication is
strictly prohibited. Unless otherwise expressly agreed in writing, nothing
stated in this communication shall be legally binding.
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to