Default ACLs of Predefined Objects - Inside Active Directory

Related to the book Inside Active Directory, ISBN 0-201-61621-1
Copyright (C) 2002 by Sakari Kouti
Version: December 21, 2001
Back to the book's Web site

ACE Trustee AccessMask AceFlags AceType ObjectType InheritedObjectType
DC=sanao,DC=com
ACE 1 Everyone DS_READ_PROP, ACCESS_ALLOWED
ACE 2 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replicating Directory Changes
ACE 3 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replication Synchronization
ACE 4 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Manage Replication Topology
ACE 5 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replicating Directory Changes
ACE 6 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replication Synchronization
ACE 7 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Manage Replication Topology
ACE 8 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 9 Domain Admins Full Control except 3 Deletes ACCESS_ALLOWED
ACE 10 Administrators Full Control except Delete Child and Delete Subtree Inherit, ACCESS_ALLOWED
ACE 11 LocalSystem Full Control ACCESS_ALLOWED
ACE 12 Enterprise Admins Full Control Inherit, ACCESS_ALLOWED
ACE 13 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, ACCESS_ALLOWED
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 15 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT General Information user
ACE 16 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 17 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 18 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 19 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, ACCESS_ALLOWED_OBJECT group
ACE 20 Pre-Windows 2000 Compatible Access READ_CONTROL, ACCESS_ALLOWED
ACE 21 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, ACCESS_ALLOWED_OBJECT user
CN=Users,DC=sanao,DC=com
ACE 1 LocalSystem Full Control ACCESS_ALLOWED
ACE 2 Domain Admins Full Control except Delete and Delete Subtree ACCESS_ALLOWED
ACE 3 Account Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT user
ACE 4 Account Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT group
ACE 5 Print Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT printQueue
ACE 6 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Computers,DC=sanao,DC=com
ACE 1 LocalSystem Full Control ACCESS_ALLOWED
ACE 2 Domain Admins Full Control except Delete and Delete Subtree ACCESS_ALLOWED
ACE 3 Account Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT computer
ACE 4 Account Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT user
ACE 5 Account Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT group
ACE 6 Print Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT printQueue
ACE 7 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 8 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 15 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 17 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
OU=Domain Controllers,DC=sanao,DC=com
ACE 1 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 2 Domain Admins Full Control except 3 Deletes ACCESS_ALLOWED
ACE 3 LocalSystem Full Control ACCESS_ALLOWED
ACE 4 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 5 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 6 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 7 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 8 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 9 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 12 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 13 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=ForeignSecurityPrincipals,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 LocalSystem Full Control ACCESS_ALLOWED
ACE 3 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 4 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 5 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 6 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 7 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 8 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 9 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 12 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 13 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Administrator,CN=Users,DC=sanao,DC=com
ACE 1 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 2 Administrators Full Control except Delete Subtree ACCESS_ALLOWED
ACE 3 Enterprise Admins Full Control except Delete and Delete Subtree ACCESS_ALLOWED
ACE 4 Domain Admins Full Control except Delete and Delete Subtree ACCESS_ALLOWED
ACE 5 LocalSystem Full Control ACCESS_ALLOWED
ACE 6 Pre-Windows 2000 Compatible Access DS_READ_PROP, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 7 Pre-Windows 2000 Compatible Access DS_READ_PROP, ACCESS_ALLOWED_OBJECT General Information user
ACE 8 Pre-Windows 2000 Compatible Access DS_READ_PROP, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 9 Pre-Windows 2000 Compatible Access DS_READ_PROP, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 11 Pre-Windows 2000 Compatible Access Read plus List Object ACCESS_ALLOWED_OBJECT user
ACE 12 Everyone DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Change Password
CN=Guest,CN=Users,DC=sanao,DC=com
ACE 1 SELF DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 2 Everyone DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 3 Authenticated Users DS_READ_PROP, ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 Administrators Full Control ACCESS_ALLOWED
ACE 6 SELF DS_READ_PROP, ACCESS_ALLOWED
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT user
CN=IWAM_DC11,CN=Users,DC=sanao,DC=com
ACE 1 SELF DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 2 Everyone DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 3 Authenticated Users DS_READ_PROP, ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 Administrators Full Control ACCESS_ALLOWED
ACE 6 SELF DS_READ_PROP, ACCESS_ALLOWED
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT user
CN=IUSR_DC11,CN=Users,DC=sanao,DC=com
ACE 1 SELF DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 2 Everyone DS_CONTROL_ACCESS, ACCESS_DENIED_OBJECT Change Password
ACE 3 Authenticated Users DS_READ_PROP, ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 Administrators Full Control ACCESS_ALLOWED
ACE 6 SELF DS_READ_PROP, ACCESS_ALLOWED
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Builtin,DC=sanao,DC=com
ACE 1 Everyone DS_READ_PROP, ACCESS_ALLOWED
ACE 2 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replicating Directory Changes
ACE 3 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replication Synchronization
ACE 4 Enterprise Domain Controllers DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Manage Replication Topology
ACE 5 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replicating Directory Changes
ACE 6 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Replication Synchronization
ACE 7 Administrators DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Manage Replication Topology
ACE 8 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 9 Domain Admins Full Control except 3 Deletes ACCESS_ALLOWED
ACE 10 Administrators Full Control except Delete Child and Delete Subtree Inherit, ACCESS_ALLOWED
ACE 11 LocalSystem Full Control ACCESS_ALLOWED
ACE 12 Enterprise Admins Full Control Inherit, ACCESS_ALLOWED
ACE 13 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, ACCESS_ALLOWED
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 15 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT General Information user
ACE 16 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 17 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 18 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 19 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, ACCESS_ALLOWED_OBJECT group
ACE 20 Pre-Windows 2000 Compatible Access READ_CONTROL, ACCESS_ALLOWED
ACE 21 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, ACCESS_ALLOWED_OBJECT user
ACE 22 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 23 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 24 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 25 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 26 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 27 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 28 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 29 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 30 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 31 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Administrators,CN=Builtin,DC=sanao,DC=com
ACE 1 Authenticated Users DS_READ_PROP, ACCESS_ALLOWED
ACE 2 Authenticated Users DS_READ_PROP, DS_WRITE_PROP, DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send To
ACE 3 Administrators Full Control ACCESS_ALLOWED
ACE 4 SELF ACTRL_DS_LIST, DS_SELF, DS_READ_PROP, DS_LIST_OBJECT, READ_CONTROL, ACCESS_ALLOWED_OBJECT Add/Remove self as member
ACE 5 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 6 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 7 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 9 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 13 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 14 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Users,CN=Builtin,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 LocalSystem Full Control ACCESS_ALLOWED
ACE 3 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 SELF Read plus List Object ACCESS_ALLOWED
ACE 6 Authenticated Users DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send To
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Guests,CN=Builtin,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 LocalSystem Full Control ACCESS_ALLOWED
ACE 3 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 SELF Read plus List Object ACCESS_ALLOWED
ACE 6 Authenticated Users DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send To
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Backup Operators,CN=Builtin,DC=sanao,DC=com
ACE 1 Authenticated Users DS_READ_PROP, ACCESS_ALLOWED
ACE 2 Authenticated Users DS_READ_PROP, DS_WRITE_PROP, DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send To
ACE 3 Administrators Full Control ACCESS_ALLOWED
ACE 4 SELF ACTRL_DS_LIST, DS_SELF, DS_READ_PROP, DS_LIST_OBJECT, READ_CONTROL, ACCESS_ALLOWED_OBJECT Add/Remove self as member
ACE 5 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 6 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 7 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 9 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 13 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 14 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=Replicator,CN=Builtin,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 LocalSystem Full Control ACCESS_ALLOWED
ACE 3 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 4 Account Operators Full Control ACCESS_ALLOWED
ACE 5 SELF Read plus List Object ACCESS_ALLOWED
ACE 6 Authenticated Users DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send To
ACE 7 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 8 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 9 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 10 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 11 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 12 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 13 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 14 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 15 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 16 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=DC11,OU=Domain Controllers,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 Account Operators Full Control ACCESS_ALLOWED
ACE 3 LocalSystem Full Control ACCESS_ALLOWED
ACE 4 Administrators ACTRL_DS_LIST, DS_READ_PROP, DS_DELETE_TREE, DS_LIST_OBJECT, DS_CONTROL_ACCESS, DELETE, READ_CONTROL, ACCESS_ALLOWED
ACE 5 Administrators DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT Account Restrictions
ACE 6 Authenticated Users Read plus List Object ACCESS_ALLOWED
ACE 7 Everyone DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Change Password
ACE 8 SELF DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED
ACE 9 Print Operators DS_CREATE_CHILD, DS_DELETE_CHILD, ACCESS_ALLOWED_OBJECT printQueue
ACE 10 Cert Publishers DS_READ_PROP, DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT userCertificate
ACE 11 SELF DS_SELF, ACCESS_ALLOWED_OBJECT Validated write to service principal name
ACE 12 SELF DS_READ_PROP, DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT Personal Information
ACE 13 SELF DS_SELF, ACCESS_ALLOWED_OBJECT Validated write to DNS host name
ACE 14 Administrators DS_SELF, ACCESS_ALLOWED_OBJECT Validated write to DNS host name
ACE 15 Administrators DS_SELF, ACCESS_ALLOWED_OBJECT Validated write to service principal name
ACE 16 Administrators Full Control except Delete Child and Delete Subtree Inherit, Inherited, ACCESS_ALLOWED
ACE 17 Enterprise Admins Full Control Inherit, Inherited, ACCESS_ALLOWED
ACE 18 Pre-Windows 2000 Compatible Access ACTRL_DS_LIST, Inherit, Inherited, ACCESS_ALLOWED
ACE 19 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Remote Access Information user
ACE 20 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT General Information user
ACE 21 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Group Membership user
ACE 22 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Account Restrictions user
ACE 23 Pre-Windows 2000 Compatible Access DS_READ_PROP, Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT Logon Information user
ACE 24 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT group
ACE 25 Pre-Windows 2000 Compatible Access Read plus List Object Inherit, Inherit only, Inherited, ACCESS_ALLOWED_OBJECT user
CN=krbtgt,CN=Users,DC=sanao,DC=com
ACE 1 Domain Admins Full Control ACCESS_ALLOWED
ACE 2 LocalSystem Full Control ACCESS_ALLOWED
ACE 3 Account Operators Full Control ACCESS_ALLOWED
ACE 4 SELF Read plus List Object ACCESS_ALLOWED
ACE 5 SELF DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Change Password
ACE 6 SELF DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Send As
ACE 7 SELF DS_CONTROL_ACCESS, ACCESS_ALLOWED_OBJECT Receive As
ACE 8 SELF DS_READ_PROP, DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT Personal Information
ACE 9 SELF DS_READ_PROP, DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT Phone and Mail Options
ACE 10 SELF DS_READ_PROP, DS_WRITE_PROP, ACCESS_ALLOWED_OBJECT Web Information
ACE 11 RAS and IAS Servers DS_READ_PROP, ACCESS_ALLOWED_OBJECT Remote Access Information
ACE 12 RAS and IAS Servers DS_READ_PROP, ACCESS_ALLOWED_OBJECT Account Restrictions
ACE 13 RAS and IAS Servers DS_READ_PROP, ACCESS_ALLOWED_OBJE