3.1.1.5.2.3 Special Classes and Attributes

This section defines three sets of object classes: LSA-specific object classes, SAM-specific object classes, and schema object classes. These sets are mentioned elsewhere in the specification, because special processing is applied to instances of these classes.

Each set includes both the specific object classes mentioned here and any subclasses of these object classes.

• LSA-specific object classes: secret, trustedDomain (originating updates only, in AD DS only).

• SAM-specific object classes: group, samDomain, samServer, user (originating updates only, in AD DS only).

• Schema object classes: attributeSchema, classSchema (originating and replicated updates).

This section also defines one set of attributes: foreign principal object (FPO)-enabled attributes. This set is mentioned elsewhere in the specification, because special processing is applied to instances of these attributes.

• FPO-enabled attributes: member, msDS-MembersForAzRole, msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup, msDS-ServiceAccount.