List of default Windows objects and their SIDs

Recently, on a project, I needed to identify the name of the group for a given SID. Searching through a few references, I did not find a complete table, so I decided to put one together (actually 3 tables) with the list of default objects (users and groups) of Windows 2008 and Windows 2008 R2.

I chose to split it into 3 tables, according to the location within Active Directory.

Table 1 - objects in the BuiltIn container
Table 2 - objects in the Users container
Table 3 - special objects

Table 1: The LDAP path of the objects in the table below is CN=BuiltIn, DC=<domain>

| Object name | SID | Type |
|---|---|---|
| Account Operators | S-1-5-32-548 | BuiltIn Local |
| Administrators | S-1-5-32-544 | BuiltIn Local |
| Backup Operators | S-1-5-32-551 | BuiltIn Local |
| Certificate Service DCOM Access | S-1-5-32-574 | BuiltIn Local |
| Cryptographic Operators | S-1-5-32-569 | BuiltIn Local |
| Distributed COM Users | S-1-5-32-562 | BuiltIn Local |
| Event Log Readers | S-1-5-32-573 | BuiltIn Local |
| Guests | S-1-5-32-546 | BuiltIn Local |
| IIS_IUSRS | S-1-5-32-568 | BuiltIn Local |
| Incoming Forest Trust Builders | S-1-5-32-557 | BuiltIn Local |
| Network Configuration Operators | S-1-5-32-556 | BuiltIn Local |
| Performance Log Users | S-1-5-32-559 | BuiltIn Local |
| Performance Monitor Users | S-1-5-32-558 | BuiltIn Local |
| Pre-Windows 2000 Compatible Access | S-1-5-32-554 | BuiltIn Local |
| Print Operators | S-1-5-32-550 | BuiltIn Local |
| Remote Desktop Users | S-1-5-32-555 | BuiltIn Local |
| Replicator | S-1-5-32-552 | BuiltIn Local |
| Server Operators | S-1-5-32-549 | BuiltIn Local |
| Terminal Server License Servers | S-1-5-32-561 | BuiltIn Local |
| Users | S-1-5-32-545 | BuiltIn Local |
| Windows Authorization Access Group | S-1-5-32-560 | BuiltIn Local |

Table 2: The LDAP path of the objects in the table below is CN=Users, DC=<domain>

| Object name | SID | Type |
|---|---|---|
| Administrator | S-1-5-<domain>-500 | User |
| Allowed RODC Password Replication Group | S-1-5-<domain>-571 | Domain Local |
| Cert Publishers | S-1-5-<domain>-517 | Domain Local |
| Denied RODC Password Replication Group | S-1-5-<domain>-572 | Domain Local |
| Domain Admins | S-1-5-<domain>-512 | Domain Global |
| Domain Computers | S-1-5-<domain>-515 | Domain Global |
| Domain Controllers | S-1-5-<domain>-516 | Domain Global |
| Domain Guests | S-1-5-<domain>-514 | Domain Global |
| Domain Users | S-1-5-<domain>-513 | Domain Global |
| Enterprise Admins * | S-1-5-<domain>-519 | Universal |
| Enterprise Read-only Domain Controllers * | S-1-5-<domain>-498 | Universal |
| Group Policy Creators Owners | S-1-5-<domain>-520 | Domain Global |
| Guest | S-1-5-<domain>-501 | User |
| HelpAssistant | NA | User |
| KRBTGT | S-1-5-<domain>-502 | User |
| RAS and IAS Servers | S-1-5-<domain>-553 | Domain Local |
| Read-only Domain Controllers | S-1-5-<domain>-521 | Domain Global |
| Schema Admins * | S-1-5-<domain>-518 | Universal |
| Support_388945a0 | NA | User |

* These groups are unique in the forest, so the <domain> field of the SID refers to the name of the forest root domain. In addition, the group is Universal only if the domain is in native mode; otherwise the group is Domain Global.

Table 3: The LDAP path of the objects in the table below is cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

| Object name | SID | Type |
|---|---|---|
| Anonymous Logon | S-1-5-7 | Foreign Security Principal |
| Authenticated User | S-1-5-11 | Foreign Security Principal |
| Batch | S-1-5-3 | Foreign Security Principal |
| Creator Group | S-1-3-1 | Foreign Security Principal |
| Creator Owner | S-1-3-0 | Foreign Security Principal |
| Dialup | S-1-5-1 | Foreign Security Principal |
| Digest Authentication | S-1-5-64-21 | Foreign Security Principal |
| Enterprise Domain Controllers | S-1-5-9 | Foreign Security Principal |
| Everyone | S-1-1-0 | Foreign Security Principal |
| Interactive | S-1-5-4 | Foreign Security Principal |
| Local Service | S-1-5-19 | Foreign Security Principal |
| LocalSystem | S-1-5-18 | Foreign Security Principal |
| Network | S-1-5-2 | Foreign Security Principal |
| Network Service | S-1-5-20 | Foreign Security Principal |
| NTLM Authentication | S-1-5-64-10 | Foreign Security Principal |
| Other Organization | S-1-5-1000 | Foreign Security Principal |
| Principal Self | S-1-5-10 | Foreign Security Principal |
| Proxy | S-1-5-8 | Foreign Security Principal |
| Remote Interactive Logon | S-1-5-14 | Foreign Security Principal |
| Restricted Code | S-1-5-12 | Foreign Security Principal |
| SChannel Authentication | S-1-5-64-14 | Foreign Security Principal |
| Service | S-1-5-6 | Foreign Security Principal |
| Terminal Server User | S-1-5-13 | Foreign Security Principal |
| This Organization | S-1-5-15 | Foreign Security Principal |

References:

https://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx

https://support.microsoft.com/kb/243330