AD Objects

Security Principal

A security principal object has the objectSid attribute.

In Active Directory, the user, computer, and group object classes are examples of security principal object classes, though not every group object is a security principal object.

In AD LDS, an independent mode of Active Directory, any object containing the msDS-BindableObject auxiliary class is a security principal.
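The following is an added example, not code from the original page: it decodes the binary objectSid value into its string form and separates security principals from other entries. It assumes the groups excluded above are those without the security-enabled bit (0x80000000) in groupType; the function names and the sample entries are constructed for illustration.

```python
import struct

GROUP_TYPE_SECURITY_ENABLED = 0x80000000  # bit in a group's groupType attribute

def decode_sid(raw: bytes) -> str:
    """Convert a binary objectSid value to its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit value, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit values, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def is_security_principal(entry: dict) -> bool:
    """Assumption: objectSid present and, for groups, the security-enabled bit set."""
    if not entry.get("objectSid"):
        return False
    if "group" in entry.get("objectClass", []):
        # LDAP returns groupType as a signed 32-bit integer; the bit test still works.
        return bool(entry.get("groupType", 0) & GROUP_TYPE_SECURITY_ENABLED)
    return True

# Constructed domain SID prefix S-1-5-21-1-2-3; each entry appends one RID.
DOMAIN = "010500000000000515000000010000000200000003000000"
# Constructed sample entries, shaped like decoded LDAP search results.
ENTRIES = [
    {"cn": "alice", "objectClass": ["top", "person", "organizationalPerson", "user"],
     "objectSid": bytes.fromhex(DOMAIN + "51040000")},
    {"cn": "Helpdesk", "objectClass": ["top", "group"], "groupType": -2147483646,
     "objectSid": bytes.fromhex(DOMAIN + "52040000")},
    {"cn": "Newsletter", "objectClass": ["top", "group"], "groupType": 2,
     "objectSid": bytes.fromhex(DOMAIN + "53040000")},
    {"ou": "Workstations", "objectClass": ["top", "organizationalUnit"]},
]

def list_principals(entries):
    """Return (cn, SID string) for every entry classified as a security principal."""
    return [(e["cn"], decode_sid(e["objectSid"]))
            for e in entries if is_security_principal(e)]

if __name__ == "__main__":
    for name, sid in list_principals(ENTRIES):
        print(f"{name:10} {sid}")
```
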

Access Control

Access control is administered at the object level by setting different levels of access, or permissions, to objects, such as Full Control, Write, Read, or No Access.

Microsoft Learn - Access control in Active Directory

Reference

[MS-ADTS]
