
User Attribute SecurityIdentifier free to use?


Søren Egtved Lassen

Aug 1, 2009, 7:07:42 AM
Hi

I wonder if I can use the user attribute SecurityIdentifier to store some
application specific SID data? Is it used for any internal AD stuff, or is
it free to use? The only info I can get on it is on MSDN:
http://msdn.microsoft.com/en-us/library/ms679768(VS.85).aspx but it does not
tell whether there are any limitations on using this attribute.

I am well aware of the workings of the normal SID attribute (objectSid), and
I know that this is not to be tampered with.

Any info appreciated

Best regards

Søren

Garry Starck-MCITP Enterprise Admin

Aug 1, 2009, 10:28:01 AM
Hi Soren

I take it you mean the SID attribute; if so, no, you cannot modify this
field. AD controls the GUID & SID fields. When we migrate, we populate the
SID History attribute, not the SID attrib itself. The SID and GUID never
change through an object's lifetime.

Am I on the right boat with my understanding?

Regards
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Søren Egtved Lassen" wrote:

> Søren
>

Richard Mueller [MVP]

Aug 1, 2009, 1:35:56 PM

"Søren Egtved Lassen" <sla...@spamawayhotmail.com> wrote in message
news:844FD108-0852-4287...@microsoft.com...

The objectSID attribute is used by the system and cannot be altered.
However, the securityIdentifier attribute, which has the same syntax,
appears to be available. Note that the link has nothing listed for "Update
Privilege", unlike the similar link for objectSID which states "The value is
set by the system". Also, this attribute is optional. I can find no
documentation on the use of this attribute. Also, I checked two domains I
have access to and neither had any objects where this attribute has a value
assigned. Unless someone else knows better, I would say it is available for
your use.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
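Added example, not part of any post in this thread: the reply above notes that securityIdentifier has the same syntax as objectSid, so a value stored in it is a binary SID. The Python sketch below encodes and strictly decodes that binary layout and builds an LDAP filter for one stored value; the function names and the sample domain SID are constructed for illustration.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Encode an 'S-1-...' string into the binary SID layout."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] not in ("S", "s"):
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < 1 << 48:
        raise ValueError("unsupported revision or authority out of range")
    if len(subs) > 15 or any(not 0 <= s < 1 << 32 for s in subs):
        raise ValueError("at most 15 sub-authorities, each 32 bits")
    # revision (1 byte), sub-authority count (1 byte), authority (6 bytes,
    # big-endian), then each sub-authority as a 32-bit little-endian integer.
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or padded values."""
    if len(raw) < 8:
        raise ValueError("truncated SID")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID: bad revision, count or length")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def ldap_filter_for(attr: str, sid: str) -> str:
    """RFC 4515 equality filter for a binary value: every byte as \\XX."""
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"({attr}={escaped})"

if __name__ == "__main__":
    app_sid = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed
    blob = sid_to_bytes(app_sid)
    assert bytes_to_sid(blob) == app_sid
    print(blob.hex())
    print(ldap_filter_for("securityIdentifier", app_sid))
```

The presence filter `(securityIdentifier=*)` is the LDAP form of the check described above for objects that already carry a value in this attribute.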


Søren Egtved Lassen

Aug 1, 2009, 3:39:17 PM
Well, not quite the right boat I assume :-)
I am well aware of the GUID and SID stuff, but there is actually another
user property called SecurityIdentifier of the same data type as the normal
SID attribute that I want to use for application usage, as it seems that
this attribute is not used for anything internally in AD. I don't want to
use SidHistory.

Thanks anyway
Søren


If you read other replies
"Garry Starck-MCITP Enterprise Admin"
<vjsparx@REMOVE_CAPS_INVALIDhotmail.com> wrote in message
news:81205AE8-5D5E-4FED...@microsoft.com...

Søren Egtved Lassen

Aug 1, 2009, 3:42:14 PM

"Richard Mueller [MVP]" <rlmuelle...@ameritech.nospam.net> wrote in
message news:urn$j6sEKH...@TK2MSFTNGP04.phx.gbl...

Hi Richard

I've made the same conclusions as you.

Best regards
Søren
