Topic Last Modified: 2010-10-18
The following table lists the access control entries (ACEs) that domain preparation creates on the domain root. All ACEs are inherited unless otherwise noted.
ACEs Added to Domain Root
ACE | RTCUniversal-UserReadOnly-Group | RTCUniversal-ServerReadOnly-Group | RTCUniversal-UserAdmins | RTCHSUniversal-Services | Authenticated-Users |
---|---|---|---|---|---|
Read Container (not inherited) |
Yes |
Yes |
No |
No |
No |
Read User PropertySet User-Account-Restrictions |
Yes |
No |
No |
No |
No |
Read User PropertySet Personal-Information |
Yes |
No |
No |
No |
No |
Read User PropertySet General-Information |
Yes |
No |
No |
No |
No |
Read User PropertySet Public-Information |
Yes |
No |
No |
No |
No |
Read User PropertySet RTCUserSearchProperty-Set |
Yes |
No |
No |
No |
Yes |
Read User PropertySet RTCPropertySet |
Yes |
No |
No |
No |
No |
Write User Property Proxy-Addresses |
No |
No |
Yes |
No |
No |
Write User PropertySet RTCUserSearchProperty-Set |
No |
No |
Yes |
No |
No |
Write User PropertySet RTCPropertySet |
No |
No |
Yes |
No |
No |
Read PropertySet DS-Replication-Get-Changes of all Active Directory objects |
No |
No |
No |
Yes |
No |
The following table lists the ACEs that domain preparation creates in the three built-in containers: Users, Computers, and Domain Controllers. All ACEs are inherited unless otherwise noted.
ACEs Added to Built-in Containers
ACE | RTCUniversal-UserReadOnly-Group | RTCUniversal-ServerReadOnly-Group |
---|---|---|
Read Container (not inherited) |
Yes |
Yes |