Topic Last Modified: 2010-10-18

The following table lists the access control entries (ACEs) that domain preparation creates on the domain root. All ACEs are inherited unless otherwise noted.

ACEs Added to Domain Root

ACE RTCUniversal-UserReadOnly-Group RTCUniversal-ServerReadOnly-Group RTCUniversal-UserAdmins RTCHSUniversal-Services Authenticated-Users

Read Container (not inherited)

Yes

Yes

No

No

No

Read User PropertySet User-Account-Restrictions

Yes

No

No

No

No

Read User PropertySet Personal-Information

Yes

No

No

No

No

Read User PropertySet General-Information

Yes

No

No

No

No

Read User PropertySet Public-Information

Yes

No

No

No

No

Read User PropertySet RTCUserSearchProperty-Set

Yes

No

No

No

Yes

Read User PropertySet RTCPropertySet

Yes

No

No

No

No

Write User Property Proxy-Addresses

No

No

Yes

No

No

Write User PropertySet RTCUserSearchProperty-Set

No

No

Yes

No

No

Write User PropertySet RTCPropertySet

No

No

Yes

No

No

Read PropertySet DS-Replication-Get-Changes of all Active Directory objects

No

No

No

Yes

No

The following table lists the ACEs that domain preparation creates in the three built-in containers: Users, Computers, and Domain Controllers. All ACEs are inherited unless otherwise noted.

ACEs Added to Built-in Containers

ACE RTCUniversal-UserReadOnly-Group RTCUniversal-ServerReadOnly-Group

Read Container (not inherited)

Yes

Yes