Share via

2.219 Attribute msDS-AllowedToDelegateTo

  • Article

For a given computer or user account, this attribute specifies the list of service principal names (SPN) corresponding to Windows services that can act on behalf of the computer or user account.

 cn: ms-DS-Allowed-To-Delegate-To
 ldapDisplayName: msDS-AllowedToDelegateTo
 attributeId: 1.2.840.113556.1.4.1787
 attributeSyntax: 2.5.5.12
 omSyntax: 64
 isSingleValued: FALSE
 schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f
 systemOnly: FALSE
 searchFlags: 0
 attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
 systemFlags: FLAG_SCHEMA_BASE_OBJECT
 schemaFlagsEx: FLAG_ATTR_IS_CRITICAL

Version-Specific Behavior: First implemented on Windows Server 2003 operating system.

The schemaFlagsEx attribute was added to this attribute definition in Windows Server 2008 operating system.