Private/Text/Description.json

[
    {
        "Name":"OrganisationalUnit",
        "Elements": {
            "CanonicalName":"Name of object in canonical format ex: domain.local/Domain Controllers",
            "City":"Name of City where object belongs to",
            "CommonName":"Name of object which is used by Active Directory to perform search",
            "Country":"Name of Country where object belongs to",
            "Description":"Description of Object",
            "DisplayName":"Name of object used to display on screen",
            "DistinguishedName":"Name of object uniquely identifies entry to ntds.dit database",
            "GPLink":"Name of gpo id which is connected to an object",
            "InstanceType":"Bitfield that dictates how the object is instantiated on a server. 1 - head of naming context; 2 - replica not instantiated; 4 - object is writable; 8 - naming context above this object is held; 16 - naming context is being constructed for the first time by replication; 32 - naming context is in the process of being removed from the local Directory System Agent (DSA)",
            "IsCriticalSystemObject":"If TRUE then object is replicated during installation of new replica",
            "LastKnownParent":"DistinguishedName of the last known parent of an orphaned object",
            "LinkedGroupPolicyObject":"Name of GPO Object linked to Organisational Unit",
            "ManagedBy":"DistinguishedName of object which is assigned to manage this object",
            "Modified":"Calculated attribute by AD to point when the object is modified",
            "Name":"Name of an object",
            "ObjectCategory":"Defines category of an object. Single value property of class which is an instance of on or its superclasses.When an object is created, the system sets its objectCategory property to the value specified by the defaultObjectCategory property of its object class. An object's objectCategory property cannot be changed.",
            "ObjectClass":"Defines class of an object. It is set when object is created and cannot be changed.",
            "ObjectGuid":"Unique identifier for an object. It cannot be changed.",
            "PostalCode":"Defines postal code of an object",
            "ProtectedFromAccidentalDeletion":"Defines an object which has property protected from accidental deletion",
            "ShowInAdvancedViewOnly":"Defines an object which can be visible only in advanced view",
            "State":"Name of State where object belongs to",
            "StreetAddress":"Name of street where object belongs to",
            "USNChanged":"Parameter changed when the object is changed. Also it changes global USN parameter. USN-update sequence number",
            "USNCreated":"Parameter is assigned at object creation",
            "WhenChanged":"Date when the object is last changed. It is not replicated and exist in GlobalCatalog",
            "WhenCreated":"Date when this object was created. This value is replicated and is in the global catalog."
            }
    },
    {
        "Name": "Group",
        "Elements": {
            "CanonicalName": "Name of object in canonical format ex: domain.local/Domain Controllers",
            "CommonName": "Name of object which is used by Active Directory to perform search",
            "Description": "Description of Object",
            "DistinguishedName": "Name of object uniquely identifies entry to ntds.dit database",
            "GroupCategory":"Category of group. Security - used to assign permissions to shared resources; Distribution - used to create email distribution lists",
            "GroupScope":"Scope of group. Universal - can access resources in multiple domains connected in a forest; Global - used to provide access to resources in its own or another domain. Members are only from the domain where the group is created. It can be added to other global and local groups. It is used for merging users or groups into one object and giving them access to resources; DomainLocal - used to manage direct access to resources such as files, folders and remote desktop access in the domain where the group is created. The group cannot be used in other domains, but may include users from another domain. A local group can contain other local groups, but cannot be added to a global group.",
            "GroupType":"Set of flags defines type and scope of group object. 1-group created by system,2-global group,4-domain local group,8-universal group,16-APP_BASIC group for WS Authorization Manager,32-APP_QUERY group for WS Authorization Manager,-2147483648-security group. If it is not set then group is distribution.",
            "HomePage":"HomePage of an Object. It can be used as sharepoint homepage in intranet.",
            "InstanceType": "Bitfield that dictates how the object is instantiated on a server. 1 - head of naming context; 2 - replica not instantiated; 4 - object is writable; 8 - naming context above this object is held; 16 - naming context is being constructed for the first time by replication; 32 - naming context is in the process of being removed from the local Directory System Agent (DSA)",
            "ManagedBy": "DistinguishedName of object which is assigned to manage this object",
            "MemberOf":"Name of object which group is member of",
            "Members":"DistinguishedNames of members of group",
            "Name":"Name of an Object",
            "ObjectCategory": "Defines category of an object. Single value property of class which is an instance of on or its superclasses.When an object is created, the system sets its objectCategory property to the value specified by the defaultObjectCategory property of its object class. An object's objectCategory property cannot be changed.",
            "ObjectClass": "Defines class of an object. It is set when object is created and cannot be changed.",
            "ObjectGuid": "Unique identifier for an object. It cannot be changed.",
            "ProtectedFromAccidentalDeletion": "Defines an object which has property protected from accidental deletion",
            "SamAccounName":"Logon name used to support client and servers from previous Windows version",
            "SamAccountType":"Contains information about every object in Active directory. 0-domain object,268435456-group object,16777217-non security group object,536870912-alias object,536870913-non security alias object,805306368-user object,805306368-normal user account,805306369-machine account,805306370-trust account,1073741824-app basic group,1073741825-app query group,2147483647-account type max",
            "SID":"Value that uniquely identifies an object. Security Identifier",
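            "SIDHistory":"Contains the previous SIDs of an object if the object was moved from another domain. When an object is moved, a new SID is created and becomes its SID, and the old SID is added to this property. SIDs listed here still count in access checks, so unexpected entries deserve review.",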
            "USNChanged": "Parameter changed when the object is changed. Also it changes global USN parameter. USN-update sequence number",
            "USNCreated": "Parameter is assigned at object creation",
            "WhenChanged": "Date when the object is last changed. It is not replicated and exist in GlobalCatalog",
            "WhenCreated": "Date when this object was created. This value is replicated and is in the global catalog."
        }
    },
    {
        "Name": "User",
        "Elements": {
            "AccountExpirationDate":"Date when the account expires",
            "AccountLockoutTime":"Time of account lockout",
            "AccountNotDelegated":"Indicates whether the account is marked as sensitive and cannot be delegated",
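            "AllowReversiblaPasswordEncryption":"Allows the password to be stored using reversible encryption. Passwords stored this way can be recovered in cleartext, so this should stay disabled unless a legacy application requires it.",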
            "BadLogonCount:":"number of times the user tried to log on to the account using an incorrect password",
            "CannotChangePassword":"Parameter indicates if user can or cannot change password",
            "CanonicalName": "Name of object in canonical format ex: domain.local/Domain Controllers",
            "Certificates":"Name of certificates issued to an object",
            "ChangePasswordAtLogon":"Parameter indicates that an object must change password at next logon",
            "City": "Name of City where object belongs to",
            "CommonName": "Name of object which is used by Active Directory to perform search",
            "Company":"Name of company where object belongs to",
            "Country": "Name of Country where object belongs to",
            "DesktopProfile":"Attribute specifies location of the desktop profile for object",
            "Department":"Name of department where object belongs to",
            "Description":"Description of object",
            "DirectReports":"Direct employee which object report to",
            "DisplayName": "Name of object used to display on screen",
            "DistinguishedName": "Name of object uniquely identifies entry to ntds.dit database",
            "Division":"Name of division where object belongs to",
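            "DoesNotRequirePreAuth":"Indicates whether the object does not require Kerberos pre-authentication. It is used with legacy apps. Without pre-authentication the account's password is exposed to offline guessing, so review every account where this is true.",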
            "EmailAddress":"Email address of an object",
            "EmployeeID":"ID of employee in company",
            "EmployeeNumber":"Number of employee in company",
            "Enabled":"Parameter indicates that the account is turned off or on",
            "Fax":"Number of fax connection",
            "GivenName":"It is a simple not technical name of object",
            "GroupMembershipSAM":"Windows NT Security. Down level Windows NT support.",
            "HomeDirectory":"Home directory of object",
            "HomeDirRequired":"Indicates is Home Directory is required for this object",
            "HomeDrive":"Specify the drive letter to which map UNC path specified in homeDirectory.Drive letter must be [letter]: like C:",
            "HomePage":"Web page of object",
            "HomePhone":"Home phone of object",
            "LastBadPasswordAttempt":"Date and time of the last logon attempt with a bad password for this object",
            "LastKnownParent":"DistinguishedName of object of the last known parent of object",
            "LastLogOn":"Date when the object last log on. It is stored as large int. It is number of 100-nanosecond intervals since 1 January 1601.",
            "LastLogOff":"Date when the object last log off",
            "LastLogonDate":"Last date when object is logged",
            "LockedOut":"If true then account is lockedout",
            "LockoutTime":"Date and time that account was locked out. It is stored as large int. It is number of 100-nanosecond intervals since 1 January 1601.",
            "LogonHours":"Hours when object can log on",
            "LogonWorkstations":"Workstation where object can log on",
            "Manager":"Name of direct manager",
            "MemberOf": "Name of object which group is member of",
            "MobilePhone":"Mobile phone of an object",
            "Name": "Name of an object",
            "ObjectCategory": "Defines category of an object. Single value property of class which is an instance of on or its superclasses.When an object is created, the system sets its objectCategory property to the value specified by the defaultObjectCategory property of its object class. An object's objectCategory property cannot be changed.",
            "ObjectClass": "Defines class of an object. It is set when object is created and cannot be changed.",
            "ObjectGuid": "Unique identifier for an object. It cannot be changed.",
            "Office":"Name of object office",
            "OfficePhone":"Phone of object",
            "Organization":"Name of object organization",
            "OtherName":"Other name of an object",
            "PasswordExpired":"True if account have password that can expire.",
            "PasswordLastSet":"Represents the date and time that the password for this account was last changed. In Microsoft Active Directory the value is stored as a LargeInteger. If this value is set to 0 and this attribute does not contain the DONT_EXPIRE_PASSWORD flag, then the user must set the password at the next logon.When the administrator clicks the 'User must change password at next logon' check-box in Active Directory Users and Computers, the Pwd-Last-Set attribute (PwdLastSet) gets set to 0.",
            "PasswordNeverExpires":"If true then the password never expires for this account",
            "PasswordNotRequired":"If true then password is not required for this account",
            "POBox":"Information about the post office box of an object",
            "PostalCode":"Information about postal code of an object",
            "PrimaryGroup":"Holds the name of the group which is primary for an object",
            "ProfilePath":"Specifies a path to a user profile.Path can be a null,local absolute,or UNC",
            "ProtectedFromAccidentalDeletion":"Defines an object which has property protected from accidental deletion",
            "SamAccounName":"Logon name used to support client and servers from previous Windows version",
            "ScriptPath":"Specifies a path to script which executes before user logon",
            "ShowInAdvancedViewOnly":"Defines an object which can be visible only in advanced view",
            "ServicePrincipalName":"Unique identifier for a service instance. List of principal names used for mutual authentication with an instance of a service on this computer.",
            "SID":"Value that uniquely identifies an object. Security Identifier",
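            "SIDHistory":"Contains the previous SIDs of an object if the object was moved from another domain. When an object is moved, a new SID is created and becomes its SID, and the old SID is added to this property. SIDs listed here still count in access checks, so unexpected entries deserve review.",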
            "SmartCardLogonRequired":"True if smartcard is required for logon",
            "State":"Name of State where object belongs to",
            "StreetAddress":"Name of street where object belongs to",
            "Surname":"Second name of an object",
            "ThumbnailPhoto":"Photo of an object. It can be used in Outlook to show user photo",
            "ThumbnailLogo":"Logo of an object. It is stored as a blob.",
            "Title":"User position in company.",
            "TrustedForDelegation":"Indicates whether the account is trusted for Kerberos delegation, meaning services running under it can act on behalf of the users who authenticate to them. Review every account where this is true.",
            "TrustedToAuthForDelegation":"Indicates whether the account is trusted to authenticate for delegation, meaning it can obtain delegated tickets on behalf of a user (protocol transition)",
            "UserAccountControl":"Flags that control behavior of user account control. Multiple values see: https://docs.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol#remarks",
            "UseDESKeyOnly":"If true, this account is restricted to DES encryption types for its Kerberos keys. DES is a weak legacy cipher, so this should normally be false.",
            "UserPrincipalName":"This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name.",
            "WhenCreated":"Date when this object was created. This value is replicated and is in the global catalog.",
            "WhenChanged":"Date when the object is last changed. It is not replicated and exist in GlobalCatalog"
        }
    },
    {
            "Name": "GPOPolicy",
            "Elements": {
            "Name": "Name of an object",
            "Links":"Information where that object is linked.Provided in CanonicalName for OU.",
            "HasComputerSettings":"True if computer policies are configured in this object, otherwise False",
            "HasUserSettings": "True if user policies are configured in this object, otherwise False",
            "UserEnabled": "True if in this object user policies are enabled, otherwise False",
            "ComputerEnabled": "True if in this object computer policies are enabled, otherwise False",
            "ComputerSettings": "Modified if computer settings are modified, otherwise NeverModified",
            "UserSettings": "Modified if user settings are modified, otherwise NeverModified",
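            "GPOStatus": "Status of this object. Can be: AllSettingsEnabled - user and computer policies are enabled; UserSettingsDisabled - user policies are disabled; ComputerSettingsDisabled - computer policies are disabled; AllSettingsDisabled - user and computer policies are disabled",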
            "CreationTime": "Time when the object is created",
            "ModificationTime": "Time when the object is modified",
            "WMIFilter": "Filter for objects, where to use gpo",
            "WMIFiterDescription": "Description for WMI Filter",
            "Path":"Path to object in adsi.edit",
            "GUID":"Unique identifier for an object. It cannot be changed."
        }
    },
    {
            "Name":"FineGrainedPasswordPolicy",
            "Elements":{
                "Name":"Name of an Object",
                "ComplexityEnabled":"True if password complexity is enabled for this object, otherwise False",
                "LockoutDuration":"The amount of time that an account is locked due to the Lockout-Threshold being exceeded. This value is stored as a large integer that represents the negative of the number of 100-nanosecond intervals from the time the Lockout-Threshold is exceeded that must elapse before the account is unlocked.",
                "LockoutObservationWindow":"The observation specifies the amount of time that a users account will be locked if both criteria above are met, before being automatically unlocked. Available values range from 1 to 99,999 minutes. A value of 0 would require an administrator to explicitly unlock it.",
                "LockoutThreshold":"Number of failed logon attempts after which the account is locked out",
                "MaxPasswordAge":"Maximum number of days a password can be used before it must be changed",
                "MinPasswordLength":"Min length of a password",
                "MinPasswordAge":"Minimum number of days a password must be used before it can be changed",
                "PasswordHistoryCount":"Number of previous passwords remembered by the system so that they cannot be reused. If the user chooses a password from this list, the computer rejects it",
                "ReversibleEncryptionEnabled":"True if reversible password encryption is enabled, otherwise False",
                "Precedence":"Importance of an object. The lower the number, the higher the priority of the object when policies are applied",
                "AppliesTo":"Object where the object is applied",
                "DistinguishedName":"Name of object uniquely identifies entry to ntds.dit database"
            }
    },
    {
            "Name":"Computer",
            "Elements":{
                "AccountExpirationDate":"Date when the account expires",
                "AccountLockoutTime":"Time of account lockout",
                "AccountNotDelegated":"Indicates whether the account is marked as sensitive and cannot be delegated",
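                "AllowReversiblaPasswordEncryption":"Allows the password to be stored using reversible encryption. Passwords stored this way can be recovered in cleartext, so this should stay disabled unless a legacy application requires it.",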
                "AuthenticationPolicy":"Containers to which administrators can assign user accounts, computer accounts, and service accounts. Sets of accounts can then be managed by the authentication policies that have been applied to that container. This reduces the need for the administrator to track access to resources for individual accounts, and helps prevent malicious users from accessing other resources through credential theft.",
                "AuthenticationPolicySilo":"Controls which accounts can be restricted by the silo and defines the authentication policies to apply to the members. You can create the silo based on the requirements of your organization. The silos are Active Directory objects for users, computers, and services as defined by the schema in the following table.",
                "BadLogonCount":"Number of logon which are incremented by one when the wrong password attempt is made. And obviously will reset to zero while the account locked out by 3 attempts and unlocked by admin / or password reset. Again it will start counting till 3.",
                "CannotChangePassword":"Parameter indicates if user can or cannot change password",
                "CanonicalName":"Name of object in canonical format ex: domain.local/Domain Controllers",
                "Certificates":"Name of certificates issued to an object",
                "CommonName":"Name of object which is used by Active Directory to perform search",
                "CodePage":"Specifies the code page for the user's language of choice.",
                "CountryCode":"Specifies the country/region code for the user's language of choice.",
                "Description":"Description of Object",
                "DisplayName":"Name of object used to display on screen",
                "DistinguishedName":"Name of object uniquely identifies entry to ntds.dit database",
                "DNSHostName":"Hostname of computer related to DNS service",
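                "DoesNotRequirePreAuth":"Indicates whether the object does not require Kerberos pre-authentication. It is used with legacy apps. Without pre-authentication the account's password is exposed to offline guessing, so review every account where this is true.",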
                "Enabled":"Parameter indicates that the account is turned off or on",
                "HomeDirRequired":"Indicates is Home Directory is required for this object",
                "HomePage":"HomePage of an Object. It can be used as sharepoint homepage in intranet.",
                "InstanceType":"Bitfield that dictates how the object is instantiated on a server. 1 - head of naming context; 2 - replica not instantiated; 4 - object is writable; 8 - naming context above this object is held; 16 - naming context is being constructed for the first time by replication; 32 - naming context is in the process of being removed from the local Directory System Agent (DSA)",
                "IP4":"Ip address of computer in version 4",
                "IP6":"Ip address of computer in version 6",
                "IsCriticalSystemObject":"If TRUE then object is replicated during installation of new replica",
                "KerberosEncryptionType":"Information about supported encryption types for this object. More information: https://ldapwiki.com/wiki/MsDS-SupportedEncryptionTypes",
                "LastBadPasswordAttempt":"Date and time of the last logon attempt with a bad password for this object",
                "LastKnownParent":"DistinguishedName of the last known parent of an orphaned object",
                "LastLogonDate":"Last date when object is logged",
                "LocalPolicyFlags":"Flags that determine where a computer gets its policy",
                "Location":"Location of an object",
                "LockedOut":"If true then account is lockedout",
                "LogonCount":"The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown.",
                "ManagedBy":"DistinguishedName of object which is assigned to manage this object",
                "MemberOf":"Name of object which group is member of",
                "Name":"Name of an Object",
                "ObjectCategory":"Defines category of an object. Single value property of class which is an instance of on or its superclasses.When an object is created, the system sets its objectCategory property to the value specified by the defaultObjectCategory property of its object class. An object's objectCategory property cannot be changed.",
                "ObjectClass":"Defines class of an object. It is set when object is created and cannot be changed.",
                "ObjectGuid":"Unique identifier for an object. It cannot be changed.",
                "OperatingSystem":"Name of operating system which are use on this object",
                "OperatingSystemHotfix":"Name of the last hotfix installed on this object",
                "OperatingSystemServicePack":"Name of service pack installed on this object. It is commonly used in legacy computers.",
                "OperatingSystemVersion":"Version of operating system installed on this object",
                "PasswordExpired":"True if account have password that can expire.",
                "PasswordLastSet":"Represents the date and time that the password for this account was last changed. In Microsoft Active Directory the value is stored as a LargeInteger. If this value is set to 0 and this attribute does not contain the DONT_EXPIRE_PASSWORD flag, then the user must set the password at the next logon.When the administrator clicks the 'User must change password at next logon' check-box in Active Directory Users and Computers, the Pwd-Last-Set attribute (PwdLastSet) gets set to 0.",
                "PasswordNeverExpires":"If true then the password never expires for this account",
                "PasswordNotRequired":"If true then password is not required for this account",
                "PrimaryGroup":"Holds the name of the group which is primary for an object",
                "PrincipalsAllowedToDelegateToAccount":"This is an attribute on service account (computer or user account) objects. It contains a list of Service Principal Names (SPNs). This attribute is used to configure a service so that it can obtain service tickets that can be used for Constrained Delegation.",
                "ProtectedFromAccidentalDeletion":"Defines an object which has property protected from accidental deletion",
                "SamAccounName":"Logon name used to support client and servers from previous Windows version",
                "SamAccountType":"Contains information about every object in Active directory. 0-domain object,268435456-group object,16777217-non security group object,536870912-alias object,536870913-non security alias object,805306368-user object,805306368-normal user account,805306369-machine account,805306370-trust account,1073741824-app basic group,1073741825-app query group,2147483647-account type max",
                "ServiceAccount":"IT is true or false. True if object is service type, false otherwise",
                "ServicePrincipalName":"Unique identifier for a service instance. List of principal names used for mutual authentication with an instance of a service on this computer.",
                "ServicePrincipalNames":"Unique identifiers for a service instance. List of principal names used for mutual authentication with an instance of a service on this computer. More information: https://docs.microsoft.com/en-us/windows/win32/ad/service-principal-names",
                "SID":"Value that uniquely identifies an object. Security Identifier",
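                "SIDHistory":"Contains the previous SIDs of an object if the object was moved from another domain. When an object is moved, a new SID is created and becomes its SID, and the old SID is added to this property. SIDs listed here still count in access checks, so unexpected entries deserve review.",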
                "TrustedForDelegation":"Indicates whether the account is trusted for Kerberos delegation, meaning services running under it can act on behalf of the users who authenticate to them. Review every account where this is true.",
                "TrustedToAuthForDelegation":"Indicates whether the account is trusted to authenticate for delegation, meaning it can obtain delegated tickets on behalf of a user (protocol transition)",
                "UseDESKeyOnly":"If true, this account is restricted to DES encryption types for its Kerberos keys. DES is a weak legacy cipher, so this should normally be false.",
                "UserAccountControl":"Flags that control behavior of user account control. Multiple values see: https://docs.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol#remarks",
                "UserCertificate":"This attribute contains the DER-encoded X509v3 certificates issued to the user",
                "UserPrincipalName":"This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name.",
                "USNChanged":"Parameter changed when the object is changed. Also it changes global USN parameter. USN-update sequence number",
                "USNCreated":"Parameter is assigned at object creation",
                "WhenChanged":"Date when the object is last changed. It is not replicated and exist in GlobalCatalog",
                "WhenCreated":"Date when this object was created. This value is replicated and is in the global catalog."
            }
    }
 
]