Monday, February 25, 2008

New Attributes in Windows 2008

ms-DS-AuthenticatedAt-DC
Forward link for ms-DS-AuthenticatedTo-Accountlist; for a User, identifies which DC a user has authenticated to

ms-DS-AuthenticatedTo-Accountlist
Back link for ms-DS-AuthenticatedAt-DC; for a Computer, identifies which users have authenticated to this Computer

ms-DS-Az-Object-Guid
The unique and portable identifier of AzMan objects

ms-DS-Az-Generic-Data
AzMan specific generic data

ms-DS-isGC
For a Directory instance (DSA), identifies the state of the Global Catalogue on the DSA

ms-DS-isRODC
For a Directory instance (DSA), identifies whether the DSA is a Read-Only DSA

ms-DS-Maximum-Password-Age
Maximum password age for user accounts.

ms-DS-Minimum-Password-Age
Minimum password age for user accounts.

ms-DS-Minimum-Password-Length
Minimum password length for user accounts.

ms-DS-Password-History-Length
Password history length for user accounts.

ms-DS-Password-Complexity-Enabled
Password complexity status for user accounts.

ms-DS-Password-Reversible-Encryption-Enabled
Password reversible encryption status for user accounts.

ms-DS-Lockout-Observation-Window
Observation window for lockout of user accounts.

ms-DS-Lockout-Duration
Duration of lockout for locked out user accounts.

ms-DS-Lockout-Threshold
Lockout threshold for user accounts

ms-DS-PSO-Applies-To
Links to objects that this password settings object applies to.

ms-DS-PSO-Applied
Password settings object applied to this object.

ms-DS-Resultant-PSO
Resultant password settings object applied to this object.

ms-DS-Password-Settings-Precedence
Password settings precedence.

ms-DS-NC-Type
A bit field that maintains information about aspects of an NC replica that are relevant to replication.

ms-DS-Phonetic-First-Name
Contains the phonetic given name or first name of the person.

ms-DS-Phonetic-Last-Name
Contains the phonetic last name of the person.

ms-DS-Phonetic-Department
Contains the phonetic department name where the person works.

ms-DS-Phonetic-Company-Name
Contains the phonetic company name where the person works.

ms-DS-Phonetic-Display-Name
The phonetic display name of an object. In the absence of a phonetic display name the existing display name is used.

ms-DS-HAB-Seniority-Index
Contains the seniority index as applied by the organization where the person works.

ms-DS-Promotion-Settings
For a Computer, contains an XML string to be used for delegated DSA promotion

ms-DS-SiteName
For a Directory instance (DSA), identifies the site name that contains the DSA

ms-DS-Supported-Encryption-Types
The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services/Computers may automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute.

ms-DS-Principal-Name
Account name for the security principal (constructed).

ms-DS-NC-RO-Replica-Locations
A linked attribute on a cross ref object for a partition. This attribute lists the DSA instances which should host the partition in a read-only manner.

ms-DS-NC-RO-Replica-Locations-BL
Back link attribute for ms-DS-NC-RO-Replica-Locations

ms-DS-User-Password-Expiry-Time-Computed
Contains the expiry time for the user's current password

ms-DS-KrbTgt-Link
For a computer, identifies the user object (krbtgt), acting as the domain or secondary domain master secret. Depends on which domain or secondary domain the computer resides in.

ms-DS-Revealed-Users
For a Directory instance (DSA), identifies the user objects whose secrets have been disclosed to that instance

ms-DS-Has-Full-Replica-NCs
For a Directory instance (DSA), identifies the partitions held as full replicas

ms-DS-Never-Reveal-Group
For a Directory instance (DSA), identifies the security group whose users will never have their secrets disclosed to that instance

ms-DS-Reveal-OnDemand-Group
For a Directory instance (DSA), identifies the security group whose users may have their secrets disclosed to that instance

ms-DS-Secondary-KrbTgt-Number
For a user object (krbtgt), acting as a secondary domain master secret, identifies the protocol identification number associated with the secondary domain.

ms-DS-Revealed-DSAs
Back link for ms-DS-Revealed-Users; for a user, identifies which Directory instances (DSA) hold that user's secret

ms-DS-KrbTgt-Link-BL
Back link for ms-DS-KrbTgt-Link; for a user object (krbtgt) acting as a domain or secondary domain master secret, identifies which computers are in that domain or secondary domain

ms-DS-Is-Full-Replica-For
Back link for ms-DS-Has-Full-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a full replica

ms-DS-Is-Domain-For
Back link for ms-DS-Has-Domain-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as their primary domain

ms-DS-Is-Partial-Replica-For
Back link for has-Partial-Replica-NCs; for a partition root object, identifies which Directory instances (DSA) hold that partition as a partial replica

ms-DS-Is-User-Cachable-At-Rodc
For a Read-only (RO) directory Instance (DSA) identifies whether the specified user's secrets are cacheable

ms-DS-Revealed-List
For a Directory instance (DSA), identifies the user objects whose secrets have been disclosed to that instance

ms-DS-Revealed-List-BL
Back link attribute for ms-DS-Revealed-List.

ms-DS-Last-Successful-Interactive-Logon-Time
The time that the correct password was presented during a C-A-D logon.

ms-DS-Last-Failed-Interactive-Logon-Time
The time that an incorrect password was presented during a C-A-D logon.

ms-DS-Failed-Interactive-Logon-Count
The total number of failed interactive logons since this feature was turned on.

ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
The total number of failed interactive logons up until the last successful C-A-D logon.

ms-DFSR-Priority
Priority level

ms-DFSR-DeletedPath
Full path of the Deleted directory

ms-DFSR-DeletedSizeInMb
Size of the Deleted directory in MB

ms-DFSR-ReadOnly
Specify whether the content is read-only or read-write

ms-DFSR-CachePolicy
On-demand cache policy options

ms-DFSR-MinDurationCacheInMin
Minimum time in minutes before truncating files

ms-DFSR-MaxAgeInCacheInMin
Maximum time in minutes to keep files in full form

ms-FVE-RecoveryPassword
This attribute contains the password required to recover a Full Volume

ms-FVE-VolumeGuid
This attribute contains the GUID that is associated with the BitLocker-supported volume

ms-FVE-KeyPackage
This attribute contains a volume's BitLocker encryption key, secured by the corresponding password.

ms-FVE-RecoveryGuid
This attribute contains the GUID associated with a Full Volume Encryption (FVE) recovery password.

ms-TPM-OwnerInformation
This attribute contains the owner information for a particular TPM.

ms-net-ieee-80211-GP-PolicyGUID
This attribute contains a GUID which identifies a specific 802.11 group policy object on the domain.

ms-net-ieee-80211-GP-PolicyData
This attribute contains all of the settings and data which comprise a group policy configuration for 802.11 wireless networks.

ms-net-ieee-80211-GP-PolicyReserved
Reserved for future use

ms-net-ieee-8023-GP-PolicyGUID
This attribute contains a GUID which identifies a specific 802.3 group policy object on the domain.

ms-net-ieee-8023-GP-PolicyData
This attribute contains all of the settings and data which comprise a group policy configuration for 802.3 wired networks.

ms-net-ieee-8023-GP-PolicyReserved
Reserved for future use

ms-PKI-RoamingTimeStamp
Time stamp for last change to roaming tokens

ms-PKI-DPAPIMasterKeys
Storage of encrypted DPAPI Master Keys for user

ms-PKI-AccountCredentials
Storage of encrypted user credential token blobs for roaming

ms-RADIUS-FramedInterfaceId
This Attribute indicates the IPv6 interface identifier to be configured for the user.

ms-RADIUS-SavedFramedInterfaceId
This Attribute indicates the IPv6 interface identifier to be configured for the user.

ms-RADIUS-FramedIpv6Prefix
This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.

ms-RADIUS-SavedFramedIpv6Prefix
This Attribute indicates an IPv6 prefix (and corresponding route) to be configured for the user.

ms-RADIUS-FramedIpv6Route
This Attribute provides routing information to be configured for the user on the NAS.

ms-RADIUS-SavedFramedIpv6Route
This Attribute provides routing information to be configured for the user on the NAS.

SAM-Domain-Updates
Contains a bitmask of performed SAM operations on Active Directory

ms-TS-Profile-Path
Terminal Services Profile Path specifies a roaming or mandatory profile path to use when the user logs on to the Terminal Server. The profile path is in the following network path format: \\servername\profiles folder name\username

ms-TS-Home-Directory
Terminal Services Home Directory specifies the Home directory for the user. Each user on a Terminal Server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment. To set a home directory on the local computer, specify a local path; for example, C:\Path. To set a home directory in a network environment, you must first set the TerminalServicesHomeDrive property, and then set this property to a UNC path.

ms-TS-Home-Drive
Terminal Services Home Drive specifies a Home drive for the user. In a network environment, this property is a string containing a drive specification (a drive letter followed by a colon) to which the UNC path specified in the TerminalServicesHomeDirectory property is mapped. To set a home directory in a network environment, you must first set this property and then set the TerminalServicesHomeDirectory property.

ms-TS-Allow-Logon
Terminal Services Allow Logon specifies whether the user is allowed to log on to the Terminal Server. The value is 1 if logon is allowed and 0 if logon is not allowed.

ms-TS-Remote-Control
Terminal Services Remote Control specifies whether to allow remote observation or remote control of the user's Terminal Services session. For a description of these values, see the RemoteControl method of the Win32_TSRemoteControlSetting WMI class.
0 - Disable
1 - EnableInputNotify
2 - EnableInputNoNotify
3 - EnableNoInputNotify
4 - EnableNoInputNoNotify

ms-TS-Max-Disconnection-Time
Terminal Services Session Maximum Disconnection Time is the maximum amount of time, in minutes, that a disconnected Terminal Services session remains active on the Terminal Server. After the specified number of minutes has elapsed, the session is terminated.

ms-TS-Max-Connection-Time
Terminal Services Session Maximum Connection Time is the maximum duration, in minutes, of the Terminal Services session. After the specified number of minutes has elapsed, the session can be disconnected or terminated.

ms-TS-Max-Idle-Time
Terminal Services Session Maximum Idle Time is the maximum amount of time, in minutes, that the Terminal Services session can remain idle. After the specified number of minutes has elapsed, the session can be disconnected or terminated.

ms-TS-Reconnection-Action
Terminal Services Session Reconnection Action specifies whether to allow reconnection to a disconnected Terminal Services session from any client computer. The value is 1 if reconnection is allowed from the original client computer only and 0 if reconnection from any client computer is allowed.

ms-TS-Broken-Connection-Action
Terminal Services Session Broken Connection Action specifies the action to take when a Terminal Services session limit is reached. The value is 1 if the client session should be terminated and 0 if the client session should be disconnected.

ms-TS-Connect-Client-Drives
Terminal Services Session Connect Client Drives At Logon specifies whether to reconnect to mapped client drives at logon. The value is 1 if reconnection is enabled and 0 if reconnection is disabled.

ms-TS-Connect-Printer-Drives
Terminal Services Session Connect Printer Drives At Logon specifies whether to reconnect to mapped client printers at logon. The value is 1 if reconnection is enabled and 0 if reconnection is disabled.

ms-TS-Default-To-Main-Printer
Terminal Services Default To Main Printer specifies whether to print automatically to the client's default printer. The value is 1 if printing to the client's default printer is enabled and 0 if it is disabled.

ms-TS-Work-Directory
Terminal Services Session Work Directory specifies the working directory path for the user. To set an initial application to start when the user logs on to the Terminal Server, you must first set the TerminalServicesInitialProgram property, and then set this property.

ms-TS-Initial-Program
Terminal Services Session Initial Program specifies the path and file name of the application that the user wants to start automatically when the user logs on to the Terminal Server. To set an initial application to start when the user logs on, you must first set this property and then set the TerminalServicesWorkDirectory property. If you set only the TerminalServicesInitialProgram property, the application starts in the user's session in the default user directory.

MS-TS-Property01
Placeholder Terminal Server Property

MS-TS-Property02
Placeholder Terminal Server Property

MS-TS-ExpireDate
TS Expiration Date

MS-TS-ExpireDate2
Expiration date of the second TS per user CAL.

MS-TS-ExpireDate3
Expiration date of the third TS per user CAL.

MS-TS-ExpireDate4
Expiration date of the third TS per user CAL.

MS-TS-LicenseVersion
TS License Version

MS-TS-LicenseVersion2
Version of the second TS per user CAL.

MS-TS-LicenseVersion3
Version of the third TS per user CAL

MS-TS-LicenseVersion4
Version of the fourth TS per user CAL.

MS-TS-ManagingLS
TS Managing License Server

MS-TS-ManagingLS2
Issuer name of the second TS per user CAL.

MS-TS-ManagingLS3
Issuer name of the third TS per user CAL.

MS-TS-ManagingLS4
Issuer name of the fourth TS per user CAL.

MS-TSLS-Property01
Placeholder Terminal Server Property 01

MS-TSLS-Property02
Placeholder Terminal Server Property 01

ms-DFSR-DisablePacketPrivacy
Disable packet privacy on a connection

ms-DFSR-DefaultCompressionExclusionFilter
Filter string containing extensions of file types not to be compressed

ms-DFSR-OnDemandExclusionFileFilter
Filter string applied to on demand replication files

ms-DFSR-OnDemandExclusionDirectoryFilter
Filter string applied to on demand replication directories

ms-DFSR-Options2
Object Options2

ms-DFSR-CommonStagingPath
Full path of the common staging directory

ms-DFSR-CommonStagingSizeInMb
Size of the common staging directory in MB

ms-DFSR-StagingCleanupTriggerInPercent
Staging cleanup trigger in percent of free disk space

Saturday, February 23, 2008

New Classes in Windows 2008

ms-DS-Password-Settings
ms-DS-Password-Settings-Container
NTDS-DSA-RO
ms-net-ieee-80211-GroupPolicy
ms-net-ieee-8023-GroupPolicy
ms-FVE-RecoveryInformation

New Inclusions in the GC for Windows 2008

Last-Logon-Timestamp
This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older than [current_time - msDS-LogonTimeSyncInterval], the value is updated. The initial update after the domain functional level is raised is calculated as 14 days minus a random percentage of 5 days.

MS-DRM-Identity-Certificate
The XrML digital rights management certificates for this user.

ms-DS-Phonetic-First-Name
Contains the phonetic given name or first name of the person

ms-DS-Phonetic-Last-Name
Contains the phonetic last name of the person.

ms-DS-Phonetic-Department
Contains the phonetic department name where the person works

ms-DS-Phonetic-Company-Name
Contains the phonetic company name where the person works.

ms-DS-Phonetic-Display-Name
The phonetic display name of an object. In the absence of a phonetic display name the existing display name is used.

ms-DS-HAB-Seniority-Index
Contains the seniority index as applied by the organization where the person works.

ms-FVE-VolumeGuid
This attribute contains the GUID that is associated with the BitLocker-supported volume.

ms-FVE-RecoveryGuid
This attribute contains the GUID associated with a Full Volume Encryption (FVE) recovery password.