Considering Active Directory Migration?

Whether migrating or restructuring to meet specific economic challenges, undergoing acquisition, mergers or divestitures, Winzero Active Directory Migrator provides the features necessary to meet your evolving needs and budget.


Winzero has released the next solution in Active Directory Migration Challenges - Winzero Active Directory Migrator, ensuring coexistence between migrated and un-migrated users, simplifing the migration processes with automated resource updating and continued support during and after the migration process.

Exchange Server 2007 New Property Sets

Property sets in Exchange Server 2007 for attribute grouping enables access control for specific object properties. Property sets use one single Access Control Entry (ACE) instead of an ACE for each individual property.

Exchange Server 2007 creates two new property sets exclusively for itself and doesn’t use existing Active Directory property sets.

Exchange Server 2007 SP1 Schema Extensions
Exchange Server 2007 SP1 comes with a lot of additional Schema extensions:

ms-Exch-Foreign-Forest-Public-Folder-Admin-USG-Sid,

ms-Exch-Internal-NLB-Bypass-Host-Name,

ms-Exch-Mobile-Additional-Flags,

ms-Exch-Mobile-Allow-Bluetooth,

ms-Exch-Mobile-Allow-SMIME-Encryption-Algorithm-Negotiation,

ms-Exch-Mobile-Approved-Application-List,

ms-Exch-Mobile-Max-Calendar-Age-Filter,

ms-Exch-Mobile-Max-Email-Age-Filter,

ms-Exch-Mobile-Max-Email-Body-Truncation-Size,

ms-Exch-Mobile-Max-Email-HTML-Body-Truncation-Size,

ms-Exch-Mobile-Min-Device-Password-Complex-Characters,

ms-Exch-Mobile-Require-Encryption-SMIME-Algorithm,

ms-Exch-Mobile-Require-Signed-SMIME-Algorithm,

ms-Exch-Mobile-Unapproved-In-ROM-Application-List,

ms-Exch-Standby-Copy-Machines,

Completely Removing a Mailbox Enabled User's Mailbox

If an object is a mailbox enabled user with a valid mailbox, the "Delete Mailbox" option will be available only if there is a mailbox (so a distribution list would have a "Remove email address" option instead).

The "Remove Exchange Attributes" option is available for ANY type of recipient object, mail enabled or not. This option is extremely useful when there is a need to "clear" the attributes in case that some of them were damaged or not valid for some reason. Let's say there is a mailbox enabled user that had some of his attributes changed by some process, and because of that, you cannot use the "Delete Mailbox" option. You can always run AdSearch and "clear out" the values so you can start fresh with mailbox enabling that user again.

Remove Exchange Attributes removes the following attributes as long as they actually exist as available attributes of that schema object:

You can use ADSearch to report the status of each attribute by copying the list below and adding it to the objects attribute properties.

adminDisplayName
altRecipient
authOrig
autoReplyMessage (ILS Settings)
deletedItemFlags
delivContLength
deliverAndRedirect
displayNamePrintable
dLMemDefault
dLMemRejectPerms
dLMemSubmitPerms
extensionAttribute1
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
folderPathname (Outlook Web Access Server)
garbageCollPeriod
homeMDB (Exchange Mailbox Store)
homeMTA
internetEncoding
legacyExchangeDN
mail (E-Mail Address)
mailNickname (Alias)
mAPIRecipient
mDBOverHardQuotaLimit
mDBOverQuotaLimit
mDBStorageQuota
mDBUseDefaults
msExchADCGlobalNames
msExchControllingZone
msExchExpansionServerName
msExchFBURL
msExchHideFromAddressLists
msExchHomeServerName (Exchange Home Server)
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchPoliciesExcluded
msExchPoliciesIncluded
msExchRecipLimit
msExchResourceGUID
protocolSettings
proxyAddresses (Proxy Addresses)
publicDelegates
securityProtocol
showInAddressBook
submissionContLength
targetAddress
textEncodedORAddress
unauthOrig

In addition to removing the attributes above, the Delete Mailbox option also removes the mailbox information from the dsaccess cache. Note that this actually leaves the mailbox in place with the expectation that the mailbox cleanup task will take care of it at the appropriate time. So the mailbox is actually NOT deleted (purged) from the Information Store as part of this process. Although it will be purged by the mailbox cleanup task later, or as specified by the "Deletion settings" for mailboxes on the database's Limits tab in ESM.

Windows Groups

Account Operators
SID: S-1-5-32-548
TYPE: BUILTIN
Exists only on domain controllers. By default, the group has no members. By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and computers in all containers and organizational units (OUs) of Active Directory except the Builtin container and the Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.

Administrators
SID: S-1-5-32-544
TYPE: BUILTIN
After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group. The Administrators group has built-in capabilities that give its members full control over the system. The group is the default owner of any object that is created by a member of the group.

Authenticated Users
SID: S-1-5-11
A group that includes all users whose identities were authenticated when they logged on. Membership is controlled by the operating system.

Backup Operators
SID: S-1-5-32-551
TYPE: BUILTIN
By default, the group has no members. Backup Operators can back up and restore all files on a computer, regardless of the permissions that protect those files. Backup Operators also can log on to the computer and shut it down.

Batch
SID: S-1-5-3
A group that implicitly includes all users who have logged on through a batch queue facility such as task scheduler jobs. Membership is controlled by the operating system.

Cert Publishers
SID: S-1-5-domain-517
TYPE: Global Group
Includes all computers that are running an enterprise certificate authority. Cert Publishers are authorized to publish certificates for User objects in Active Directory.

Cert Requesters
SID: S-1-5-domain-517
TYPE: Domain Local Group
Members can request certificates

Creator Group
SID: S-1-3-1
A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object's current owner. The primary group is used only by the POSIX subsystem.

Dialup
SID: S-1-5-1
A group that implicitly includes all users who are logged on to the system through a dial-up connection. Membership is controlled by the operating system.

Distributed COM Users
SID: S-1-5-32-562
TYPE: BUILTIN
An alias. A group for COM to provide computerwide access controls that govern access to all call, activation, or launch requests on the computer.

Domain Admins
SID: S-1-5-domain-512
TYPE: Global Group
Members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created in the domain's Active Directory by any member of the group. If members of the group create other objects, such as files, the default owner is the Administrators group.

Domain Computers
SID: S-1-5-domain-515
TYPE: Global Group
Includes all computers that have joined the domain, excluding domain controllers.

Domain Controllers
SID: S-1-5-domain-516
TYPE: Global Group
Includes all domain controllers in the domain. New domain controllers are added to this group automatically.

Domain Guests
SID: S-1-5-domain-514
TYPE: Global Group
By default, has only one member, the domain's built-in Guest account.

Domain Users
SID: S-1-5-domain-513
TYPE: Global Group
By default, includes all user accounts in a domain. When you create a user account in a domain, it is added to this group automatically.

Enterprise Admins
SID: S-1-5-root domain-519
TYPE: Universal Group
A group that exists only in the root domain of an Active Directory forest of domains. It is a universal group if the domain is in native mode, a global group if the domain is in mixed mode. The group is authorized to make forest-wide changes in Active Directory, such as adding child domains. By default, the only member of the group is the Administrator account for the forest root domain.

Enterprise Controllers
SID: S-1-5-9
A group that includes all domain controllers an Active Directory directory service forest of domains. Membership is controlled by the operating system.

Everyone
SID: S-1-1-0
A group that includes all users, even anonymous users and guests. Membership is controlled by the operating system.

Group Policy Creators Owners
SID: S-1-5-domain-520
TYPE: Global Group
Authorized to create new Group Policy objects in Active Directory. By default, the only member of the group is Administrator. The default owner of a new Group Policy object is usually the user who created it. If the user is a member of Administrators or Domain Admins, all objects that are created by the user are owned by the group. Owners have full control of the objects they own.

Guests
SID: S-1-5-32-546
TYPE BUILTIN
By default, the only member is the Guest account. The Guests group allows occasional or one-time users to log on with limited privileges to a computer's built-in Guest account.

HelpServicesGroup
Group for the Help and Support Center

Incoming Forest Trust Builders
SID: S-1-5-32-557
TYPE: BUILTIN
An alias. Members of this group can create incoming, one-way trusts to this forest.

Interactive
SID: S-1-5-4
A group that includes all users who have logged on interactively. Membership is controlled by the operating system.

Network
SID: S-1-5-2
A group that implicitly includes all users who are logged on through a network connection. Membership is controlled by the operating system.

Network Configuration Operators
SID: S-1-5-32-556
TYPE: BUILTIN
An alias. Members in this group can have some administrative privileges to manage configuration of networking features.

Performance Monitor Users
SID: S-1-5-32-558
TYPE: BUILTIN
An alias. Members of this group have remote access to monitor this computer.

Performance Log Users
SID: S-1-5-32-559
TYPE: BUILTIN
An alias. Members of this group have remote access to schedule logging of performance counters on this computer.

Power Users
SID: S-1-5-32-548
TYPE: BUILTIN
By default, the group has no members. This group does not exist on domain controllers. Power Users can create local users and groups; modify and delete accounts that they have created; and remove users from the Power Users, Users, and Guests groups. Power Users also can install most applications; create, manage, and delete local printers; and create and delete file shares.

Pre-Windows 2000 Compatible Access
SID: S-1-5-32-554
A backward compatibility group which allows read access on all users and groups in the domain

Principal Self or Self
SID: S-1-5-10
A placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object.

Print Operators
SID: S-1-5-32-550
TYPE: BUILTIN
Exists only on domain controllers. By default, the only member is the Domain Users group. Print Operators can manage printers and document queues.

RAS and IAS Servers
SID: S-1-5-domain-533
TYPE: Domain Local Group
By default, this group has no members. Computers that are running the Routing and Remote Access service are added to the group automatically. Members of this group have access to certain properties of User objects, such as Read Account Restrictions, Read Logon Information, and Read Remote Access Information.

Remote Desktop Users
SID: S-1-5-32-555
Members in this group are granted the right to logon remotely

Replicators
SID: S-1-5-32-552
Windows NT domains, this group is called Replicators and is used by the directory replication service. In 2K/XP the group is present but is not used.

Schema Admins
SID: S-1-5-root domain-518
TYPE: Universal Group
A group that exists only in the root domain of an Active Directory forest of domains. It is a universal group if the domain is in native mode , a global group if the domain is in mixed mode . The group is authorized to make schema changes in Active Directory. By default, the only member of the group is the Administrator account for the forest root domain.

Server Operators
SID: S-1-5-32-549
TYPE: BUILTIN
Exists only on domain controllers. By default, the group has no members. Server Operators can log on to a server interactively; create and delete network shares; start and stop services; back up and restore files; format the hard disk of the computer; and shut down the computer.

Service
SID: S-1-5-6
A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system.

Terminal Server License Servers
SID: S-1-5-32-561
TYPE: BUILTIN
An alias. A group for Terminal Server License Servers. When Windows Server 2003 Service Pack 1 is installed, a new local group is created.

Terminal Server Users
SID: S-1-5-13
TYPE: BUILTIN
A group that includes all users who have logged on to a Terminal Services server. Membership is controlled by the operating system.

Users
SID: S-1-5-32-545
TYPE: BUILTIN
After the initial installation of the operating system, the only member is the Authenticated Users group. When a computer joins a domain, the Domain Users group is added to the Users group on the computer. Users can perform tasks such as running applications, using local and network printers, shutting down the computer, and locking the computer. Users can install applications that only they are allowed to use if the installation program of the application supports per-user installation.

Windows Authorization Access Group
SID: S-1-5-32-560
TYPE: BUILTIN
An alias. Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects.

To better understand, report or manage Windows groups see: Winzero GroupManagerPlus

New Attributes in Windows 2008

ms-DS-AuthenticatedAt-DC
Forward link for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies which DC a user has authenticated to

ms-DS-AuthenticatedTo-Accountlist
Back link for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users have authenticated to this Computer

ms-DS-Az-Object-Guid
The unique and portable identifier of AzMan objects

ms-DS-Az-Generic-Data
AzMan specific generic data

ms-DS-isGC
For a Directory instance (DSA), Identifies the state of the Global Catalogue on the DSA

ms-DS-isRODC
For a Directory instance (DSA), Identifies whether the DSA is a Read-Only DSA

ms-DS-Maximum-Password-Age
Maximum password age for user accounts.

ms-DS-Minimum-Password-Age
Minimum password age for user accounts.

ms-DS-Minimum-Password-Length
Minimum password length for user accounts.

ms-DS-Password-History-Length
Password history length for user accounts.

ms-DS-Password-Complexity-Enabled
Password complexity status for user accounts.

ms-DS-Password-Reversible-Encryption-Enabled
Password reversible encryption status for user accounts.

ms-DS-Lockout-Observation-Window
Observation window for lockout of user accounts.

ms-DS-Lockout-Duration
Duration of lockout for locked out user accounts.

ms-DS-Lockout-Threshold
Lockout threshold for user accounts

ms-DS-PSO-Applies-To
Links to objects that this password settings object applies to.

ms-DS-PSO-Applied
Password settings object applied to this object.

ms-DS-Resultant-PSO
Resultant password settings object applied to this object.

ms-DS-Password-Settings-Precedence
Password settings precedence.

ms-DS-NC-Type
A bit field that maintains information about aspects of a NC replica that is relevant to replication.

ms-DS-Phonetic-First-Name
Contains the phonetic given name or first name of the person.

ms-DS-Phonetic-Last-Name
Contains the phonetic last name of the person.

ms-DS-Phonetic-Department
Contains the phonetic department name where the person works.

ms-DS-Phonetic-Company-Name
Contains the phonetic company name where the person works.

ms-DS-Phonetic-Display-Name
The phonetic display name of an object. In the absence of a phonetic display name the existing display name is used.

ms-DS-HAB-Seniority-Index
Contains the seniority index as applied by the organization where the person works.

ms-DS-Promotion-Settings
For a Computer, contains a XML string to be used for delegated DSA promotion

ms-DS-SiteName
For a Directory instance (DSA), Identifies the site name that contains the DSA

ms-DS-Supported-Encryption-Types
The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services/Computers may automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute.

ms-DS-Principal-Name
Account name for the security principal (constructed).

ms-DS-NC-RO-Replica-Locations
A linked attribute on a cross ref object for a partition. This attribute lists the DSA instances which should host the partition in a read-only manner.

ms-DS-NC-RO-Replica-Locations-BL
Back link attribute for ms-DS-NC-RO-Replica-Locations

ms-DS-User-Password-Expiry-Time-Computed
Contains the expiry time for the user's current password

ms-DS-KrbTgt-Link
For a computer, Identifies the user object (krbtgt), acting as the domain or secondary domain master secret. Depends on which domain or secondary domain the computer resides in.

ms-DS-Revealed-Users
For a Directory instance (DSA), Identifies the user objects whose secrets have been disclosed to that instance

ms-DS-Has-Full-Replica-NCs
For a Directory instance (DSA), identifies the partitions held as full replicas

ms-DS-Never-Reveal-Group
For a Directory instance (DSA), identifies the security group whose users will never have their secrets disclosed to that instance

ms-DS-Reveal-OnDemand-Group
For a Directory instance (DSA), identifies the security group whose users may have their secrets disclosed to that instance

ms-DS-Secondary-KrbTgt-Number
For a user object (krbtgt), acting as a secondary domain master secret, identifies the protocol identification number associated with the secondary domain.

ms-DS-Revealed-DSAs
Back link for ms-DS-Revealed-Users; for a user, identifies which Directory instances (DSA) hold that user's secret

ms-DS-KrbTgt-Link-BL
Back link for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain or secondary domain master secret, identifies which computers are in that domain or secondary domain

ms-DS-Is-Full-Replica-For
Back link for ms-Ds-Has-Full-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a full replica

ms-DS-Is-Domain-For
Back link for ms-DS-Has-Domain-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as their primary domain

ms-DS-Is-Partial-Replica-For
Back link for has-Partial-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a partial replica

ms-DS-Is-User-Cachable-At-Rodc
For a Read-only (RO) directory Instance (DSA) identifies whether the specified user's secrets are cacheable

ms-DS-Revealed-List
For a Directory instance (DSA), Identifies the user objects whose secrets have been disclosed to that instance

ms-DS-Revealed-List-BL
Back link attribute for ms-DS-Revealed-List.

ms-DS-Last-Successful-Interactive-Logon-Time
The time that the correct password was presented during a C-A-D logon.

ms-DS-Last-Failed-Interactive-Logon-Time
The time that an incorrect password was presented during a C-A-D logon.

ms-DS-Failed-Interactive-Logon-Count
The total number of failed interactive logons since this feature was turned on.

ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
The total number of failed interactive logons up until the last successful C-A-D logon.

ms-DFSR-Priority
Priority level

ms-DFSR-DeletedPath
Full path of the Deleted directory

ms-DFSR-DeletedSizeInMb
Size of the Deleted directory in MB

ms-DFSR-ReadOnly
Specify whether the content is read-only or read-write

ms-DFSR-CachePolicy
On-demand cache policy options

ms-DFSR-MinDurationCacheInMin
Minimum time in minutes before truncating files

ms-DFSR-MaxAgeInCacheInMin
Maximum time in minutes to keep files in full form

ms-FVE-RecoveryPassword
This attribute contains the password required to recover a Full Volume

ms-FVE-VolumeGuid
This attribute contains the GUID that is associated with the Bit locker-supported volume

ms-FVE-KeyPackage
This attribute contains a volume's Bit locker encryption key, secured by the corresponding password.

ms-FVE-RecoveryGuid
This attribute contains the GUID associated with a Full Volume Encryption (FVE) recovery password.

ms-TPM-OwnerInformation
This attribute contains the owner information for a particular TPM.

ms-net-ieee-80211-GP-PolicyGUID
This attribute contains a GUID which identifies a specific 802.11 group policy object on the domain.

ms-net-ieee-80211-GP-PolicyData
This attribute contains all of the settings and data which comprise a group policy configuration for 802.11 wireless networks.

ms-net-ieee-80211-GP-PolicyReserved
Reserved for future use

ms-net-ieee-8023-GP-PolicyGUID
This attribute contains a GUID which identifies a specific 802.3 group policy object on the domain.

ms-net-ieee-8023-GP-PolicyData
This attribute contains all of the settings and data which comprise a group policy configuration for 802.3 wired networks.

ms-net-ieee-8023-GP-PolicyReserved
Reserved for future use

ms-PKI-RoamingTimeStamp
Time stamp for last change to roaming tokens

ms-PKI-DPAPIMasterKeys
Storage of encrypted DPAPI Master Keys for user

ms-PKI-AccountCredentials
Storage of encrypted user credential token blobs for roaming

ms-RADIUS-FramedInterfaceId
This Attribute indicates the IPv6 interface identifier to be configured for the user.

ms-RADIUS-SavedFramedInterfaceId
This Attribute indicates the IPv6 interface identifier to be configured for the user.

ms-RADIUS-FramedIpv6Prefix
This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.

ms-RADIUS-SavedFramedIpv6Prefix
This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.

ms-RADIUS-FramedIpv6Route
This Attribute provides routing information to be configured for the user on the NAS.

ms-RADIUS-SavedFramedIpv6Route
This Attribute provides routing information to be configured for the user on the NAS.

SAM-Domain-Updates
Contains a bitmask of performed SAM operations on active directory

ms-TS-Profile-Path
Terminal Services Profile Path specifies a roaming or mandatory profile path to use when the user logs on to the Terminal Server. The profile path is in the following network path format: \\servername\profiles folder name\username

ms-TS-Home-Directory
Terminal Services Home Directory specifies the Home directory for the user. Each user on a Terminal Server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment. To set a home directory on the local computer, specify a local path; for example, C:\Path. To set a home directory in a network environment, you must first set the TerminalServicesHomeDrive property, and then set this property to a UNC path.

ms-TS-Home-Drive
Terminal Services Home Drive specifies a Home drive for the user. In a network environment, this property is a string containing a drive specification (a drive letter followed by a colon) to which the UNC path specified in the TerminalServicesHomeDirectory property is mapped. To set a home directory in a network environment, you must first set this property and then set the TerminalServicesHomeDirectory property.

ms-TS-Allow-Logon
Terminal Services Allow Logon specifies whether the user is allowed to log on to the Terminal Server. The value is 1 if logon is allowed and 0 if logon is not allowed.

ms-TS-Remote-Control
Terminal Services Remote Control specifies the whether to allow remote observation or remote control of the user's Terminal Services session. For a description of these values, see the RemoteControl method of the Win32_TSRemoteControlSetting WMI class.
0 – Disable
1 – EnableInputNotify
2 – EnableInputNoNotify
3 - EnableNoInputNotify
4 - EnableNoInputNoNotify

ms-TS-Max-Disconnection-Time
Terminal Services Session Maximum Disconnection Time is maximum amount of time, in minutes, that a disconnected Terminal Services session remains active on the Terminal Server. After the specified number of minutes has elapsed, the session is terminated.

ms-TS-Max-Connection-Time
Terminal Services Session maximum Connection Time is Maximum duration, in minutes, of the Terminal Services session. After the specified number of minutes has elapsed, the session can be disconnected or terminated.

ms-TS-Max-Idle-Time
Terminal Services Session Maximum Idle Time is maximum amount of time, in minutes, that the Terminal Services session can remain idle. After the specified number of minutes has elapsed, the session can be disconnected or terminated.

ms-TS-Reconnection-Action
Terminal Services Session Reconnection Action specifies whether to allow reconnection to a disconnected Terminal Services session from any client computer. The value is 1 if reconnection is allowed from the original client computer only and 0 if reconnection from any client computer is allowed.

ms-TS-Broken-Connection-Action
Terminal Services Session Broken Connection Action specifies the action to take when a Terminal Services session limit is reached. The value is 1 if the client session should be terminated and 0 if the client session should be disconnected.

ms-TS-Connect-Client-Drives
Terminal Services Session Connect Client Drives At Logon specifies whether to reconnect to mapped client drives at logon. The value is 1 if reconnection is enabled and 0 if reconnection is disabled.

ms-TS-Connect-Printer-Drives
Terminal Services Session Connect Printer Drives At Logon specifies whether to reconnect to mapped client printers at logon. The value is 1 if reconnection is enabled and 0 if reconnection is disabled.

ms-TS-Default-To-Main-Printer
Terminal Services Default To Main Printer specifies whether to print automatically to the client's default printer. The value is 1 if printing to the client's default printer is enabled and 0 if it is disabled.

ms-TS-Work-Directory
Terminal Services Session Work Directory specifies the working directory path for the user. To set an initial application to start when the user logs on to the Terminal Server, you must first set the TerminalServicesInitialProgram property, and then set this property.

ms-TS-Initial-Program
Terminal Services Session Initial Program specifies the Path and file name of the application that the user wants to start automatically when the user logs on to the Terminal Server. To set an initial application to start when the user logs on, you must first set this property and then set the TerminalServicesWorkDirectory property. If you set only the TerminalServicesInitialProgram property, the application starts in the user's session in the default user directory.

MS-TS-Property01
Placeholder Terminal Server Property

MS-TS-Property02
Placeholder Terminal Server Property

MS-TS-ExpireDate
TS Expiration Date

MS-TS-ExpireDate2
Expiration date of the second TS per user CAL.

MS-TS-ExpireDate3
Expiration date of the third TS per user CAL.

MS-TS-ExpireDate4
Expiration date of the third TS per user CAL.

MS-TS-LicenseVersion
TS License Version

MS-TS-LicenseVersion2
Version of the second TS per user CAL.

MS-TS-LicenseVersion3
Version of the third TS per user CAL

MS-TS-LicenseVersion4
Version of the fourth TS per user CAL.

MS-TS-ManagingLS
TS Managing License Server

MS-TS-ManagingLS2
Issuer name of the second TS per user CAL.

MS-TS-ManagingLS3
Issuer name of the third TS per user CAL.

MS-TS-ManagingLS4
Issuer name of the fourth TS per user CAL.

MS-TSLS-Property01
Placeholder Terminal Server Property 01

MS-TSLS-Property02
Placeholder Terminal Server Property 01

ms-DFSR-DisablePacketPrivacy
Disable packet privacy on a connection

ms-DFSR-DefaultCompressionExclusionFilter
Filter string containing extensions of file types not to be compressed

ms-DFSR-OnDemandExclusionFileFilter
Filter string applied to on demand replication files

ms-DFSR-OnDemandExclusionDirectoryFilter
Filter string applied to on demand replication directories

ms-DFSR-Options2
Object Options2

ms-DFSR-CommonStagingPath
Full path of the common staging directory

ms-DFSR-CommonStagingSizeInMb
Size of the common staging directory in MB

ms-DFSR-StagingCleanupTriggerInPercent
Staging cleanup trigger in percent of free disk space