Overview#NT-Sec-Desc (Security Descriptor) is a LDAPSyntaxes for Microsoft Active Directory with an OID of 220.127.116.11 AND 1.2.840.113518.104.22.1687
- an object's owner by its Security Identifier (SID).
- If Access Control is configured for the object, the Security Descriptor contains a Discretionary Access Control List (DACL) with SIDs for the security principals who are allowed or denied access.
Applications use NT-Sec-Desc to set and query an object's security status. The Security Descriptor is used to guard access to an object as well as to control which type of auditing takes place when the object is accessed. The Security Descriptor format is specified in MS-DTYP section 2.4.6; a string representation of Security Descriptors, called Security Descriptor Description Language SDDL, is specified in MS-DTYP section 2.5.1.
NT-Sec-Desc is an Octet String
NT-Sec-Desc is defined in Draft-armijo-ldap-syntax-00 as:
Object-Security-Descriptor: 1.2.840.113522.214.171.1247 Encoded as an Octet-String (OID 126.96.36.199.4.1.14188.8.131.52.40)]