[MS-ADTS] How to create Domain SID

  • Question

  • Hi, What is the logic of creating Domain SID for the first domain in the new forest?
    Saturday, July 16, 2011 12:13 PM

Answers

  • Hi, Rajesh,

    For the first domain in a new forest, a new unique Domain SID will be created. As per 3.1.1.1.5 MS-ADTS, the objectsid attribute of a domain NC root object, the domain SID, is a SID with four SubAuthority values.

    How to generate a domain SID is specified in 2.4.2.4 of MS-DTYP as below:

    The domain SID will have the format as “S-1-5-21-Random1-Random2-Random3”, where

        5 means SECURITY_NT_AUTHORITY

        21 is the first SubAuthority value (SECURITY_NT_NON_UNIQUE), indicating a domain ID to follow.

        Random1-Random2-Random3, the next three SubAuthority values, are three 32-bit random numbers to uniquely identify the domain.

    For example, a Domain SID could be created as “S-1-5-21-3071076805-1052773752-2226054901”.

    Please let me know if you have more questions.

    Thanks!

    Hongwei Sun -MSFT
    Thursday, July 21, 2011 8:59 PM
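The format described in the answer above, worked through as an added example that is not part of the original thread: it validates an S-1-5-21 domain SID string, converts it to and from the binary SID layout defined in MS-DTYP (the form held in objectSid), and builds a new SID from three random 32-bit values. All function names are hypothetical, and the use of Python's `secrets` module is an assumption for illustration, not the generator Windows uses.

```python
import secrets
import struct

NT_AUTHORITY = 5   # SECURITY_NT_AUTHORITY
NON_UNIQUE = 21    # SECURITY_NT_NON_UNIQUE: a domain ID follows


def parse_domain_sid(text):
    """Return (Random1, Random2, Random3) or raise ValueError."""
    parts = text.split("-")
    if len(parts) != 7 or parts[:2] != ["S", "1"]:
        raise ValueError("not a revision-1 SID with four SubAuthority values")
    if not all(p.isascii() and p.isdigit() for p in parts[2:]):
        raise ValueError("non-numeric field")
    authority, first, *domain_id = (int(p) for p in parts[2:])
    if authority != NT_AUTHORITY or first != NON_UNIQUE:
        raise ValueError("not an S-1-5-21 domain SID")
    if any(v > 0xFFFFFFFF for v in domain_id):
        raise ValueError("SubAuthority does not fit in 32 bits")
    return tuple(domain_id)


def domain_sid_to_bytes(text):
    """Binary form: Revision, SubAuthorityCount, authority, SubAuthorities."""
    sub_authorities = (NON_UNIQUE, *parse_domain_sid(text))
    header = struct.pack(">BB", 1, len(sub_authorities))
    authority = NT_AUTHORITY.to_bytes(6, "big")          # 48-bit, big-endian
    # Each SubAuthority is a 32-bit little-endian integer.
    return header + authority + struct.pack("<4I", *sub_authorities)


def bytes_to_sid(raw):
    """Decode a binary SID back to its S-R-A-... string form."""
    if len(raw) < 8:
        raise ValueError("truncated SID")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("bad revision or length mismatch")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", "1", str(authority), *map(str, subs)])


def new_domain_sid():
    """Illustration only: three fresh 32-bit random values."""
    return "S-1-5-21-" + "-".join(str(secrets.randbits(32)) for _ in range(3))
```

A domain SID always encodes to 24 bytes: an 8-byte header plus four 4-byte SubAuthority values.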

All replies

  • Hi Rajesh,

    Thank you for your question.  A colleague will follow up with you to investigate.

    Regards,
    Mark Miller
    Escalation Engineer
    US-CSS DSC PROTOCOL TEAM

    Saturday, July 16, 2011 12:32 PM