Schema Extension Overview

Schema Objects Summary

The following schema objects are created in the Active Directory database.

| Object | Description |
| --- | --- |
| dp-User-Credentials-Data | Stores fingerprint registration templates for the user. |
| dp-User-Account-Control | Specifies the flags that control fingerprint credentials behavior for the user. |
| dp-User-Private-Data | Stores the application secure data of the user. |
| dp-Servers-Data | Stores configuration data for all authentication servers in a particular domain. |
| dp-License | Stores the license for all servers in the Active Directory forest. |
| dp-User-Logon-Policy | Stores user logon policy information. |
| dp-User-Public-Key | Stores the user's public key. |
| dp-User-Payload | Stores the user's unified key data. |
| dp-User-Recovery-Key | Stores the user's recovery key. |
| dp-User-Data-Type | Stores the type of the user data stored in the dp-User-Private-Data attribute. |
| dp-Lockout-Time | Stores the date and time (UTC) at which this account was locked out. The value is a large integer holding the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out. |
| dp-Recovery-Password-Last-Set-Time | Stores the time at which the Recovery Password was last set. |
| dp-Recovery-Password | Stores the computer's recovery password. |
| dp-Master-Key | Stores the computer's hard drive encryption key. |
| dp-Omit-Reasons | Stores the reasons credentials are omitted during an attended enrollment. |
| dp-Password-Manager-Data | Stores Password Manager data. |
| dp-Key | Stores the Time-based OTP key. |
| dp-OTP-Length | Stores the number of digits required in the OTP code. |
| dp-OTP-Time-Interval | Stores the time interval for Time-based OTP. |
| dp-Servers-Configuration | Stores configuration information (settings) shared by all DigitalPersona Servers. |
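The dp-Lockout-Time encoding described above (100-nanosecond intervals since January 1, 1601 UTC, with zero meaning not locked out) decoded in Python. This is an added example, not DigitalPersona's code; it assumes the raw value arrives as the 64-bit integer LDAP returns (or its decimal string form), and the sample value is constructed.

```python
"""Decode dp-Lockout-Time (FILETIME-style large integer, UTC).

Added example, not DigitalPersona's code. Assumes the raw attribute value is
the 64-bit count as LDAP returns it (an int or its decimal string form).
"""
from datetime import datetime, timedelta, timezone

# FILETIME epoch: 1601-01-01 00:00:00 UTC.
_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Return an aware UTC datetime, or None when the value is 0 (not locked out)."""
    intervals = int(value)
    if intervals < 0:
        raise ValueError("dp-Lockout-Time cannot be negative")
    if intervals == 0:
        return None
    # One interval is 100 ns; timedelta resolves to microseconds, so divide by 10.
    return _EPOCH_1601 + timedelta(microseconds=intervals // 10)


def lockout_state(value, now=None):
    """Summarise the lockout for a report as {locked, locked_at, age}."""
    locked_at = filetime_to_datetime(value)
    if locked_at is None:
        return {"locked": False, "locked_at": None, "age": None}
    now = now or datetime.now(timezone.utc)
    return {"locked": True, "locked_at": locked_at, "age": now - locked_at}


# Constructed sample: 2024-01-01T00:00:00Z expressed as 100 ns intervals since 1601.
SAMPLE_LOCKOUT_TIME = 133485408000000000

if __name__ == "__main__":
    print(lockout_state(0))
    print(lockout_state(SAMPLE_LOCKOUT_TIME))
```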

Object Structure

| Attribute property | Description |
| --- | --- |
| adminDisplayName | Display name of this object for use in directory service administrative tools. |
| adminDescription | Description of this object for use in directory service administrative tools. |
| cn | Common name. |
| lDAPDisplayName | The name used by LDAP clients to refer to the object's class. |
| attributeID | A unique OID that identifies the attribute. |
| objectClass | The class of which this object is an instance. |
| objectCategory | Reference to an object class or one of its superclasses, which is used when searching for this object. |
| schemaIDGUID | A GUID that uniquely identifies this object. You can use this string value in an ACE to control access to this attribute. |
| attributeSyntax | An OID of the syntax. The combination of the attributeSyntax and oMSyntax properties determines the syntax of an attribute. |
| oMSyntax | Syntax of this attribute as defined by the XAPIA XOM (X/Open Object Model) specification. |
| isSingleValued | TRUE means that the attribute has a single value; FALSE means that the attribute can have multiple values. |
| attributeSecurityGUID | An optional GUID that identifies the attribute as a member of an attribute set (also known as a property set). |
| isMemberOfPartialAttributeSet | TRUE means that the attribute is replicated to the global catalog. FALSE means that the attribute is not included in the global catalog. |
| searchFlags | An integer value whose least significant bit indicates whether the attribute is indexed. The four bit flags in this value are: 1 = index over attribute only; 2 = index over container and attribute; 4 = add this attribute to the Ambiguous Name Resolution set (used together with 0x0001); 8 = preserve this attribute in the tombstone object for deleted objects. |
| showInAdvancedViewOnly | TRUE means that the object will appear only in the Advanced View of the Users and Computers snap-in, and not in the Windows shell. FALSE means that the object will appear in the Normal View of the Users and Computers snap-in and in the Windows shell. |
| systemFlags | An integer value that contains flags that define additional properties of this object. Category 1 classes or attributes have the 0x10 bit set by the system and cannot be set by users. They are shipped with Active Directory. For more information, see the ADS_SYSTEMFLAG_ENUM enumeration in the ADSI Reference. |
| systemOnly | TRUE means that only Active Directory can modify the class of this object. FALSE means users can make the modification as well. |
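The searchFlags bits and the isMemberOfPartialAttributeSet property above, applied as a small audit over attribute definitions: decode the four documented bits, flag the ANR bit set without its companion index bit, and point out secret-bearing attributes (the ones the summary table describes as templates, keys or passwords) that are replicated to every global catalog or not preserved in the tombstone. This is an added example, not DigitalPersona's code; the sample records are constructed in the shape a schema LDAP query returns and their values are illustrative, not the product's shipped settings.

```python
# Added example, not DigitalPersona's code; sample records below are constructed.
# The four bits documented for searchFlags, in bit order.
SEARCH_FLAG_NAMES = {
    0x1: "index over attribute only",
    0x2: "index over container and attribute",
    0x4: "ambiguous name resolution (ANR) set",
    0x8: "preserved in tombstone",
}

# Attributes the summary table describes as templates, keys or passwords.
SECRET_ATTRIBUTES = {
    "dp-User-Credentials-Data", "dp-User-Private-Data", "dp-User-Recovery-Key",
    "dp-Recovery-Password", "dp-Master-Key", "dp-Key", "dp-Password-Manager-Data",
}

def decode_search_flags(value):
    """Map a searchFlags integer to the names of the documented bits it sets."""
    value = int(value)
    names = [name for bit, name in SEARCH_FLAG_NAMES.items() if value & bit]
    undocumented = value & ~0xF
    if undocumented:
        names.append("undocumented bits 0x%x" % undocumented)
    return names

def audit_attribute(record):
    """Return findings for one attribute definition (dict of property -> value)."""
    findings = []
    flags = int(record.get("searchFlags", 0))
    if flags & 0x4 and not flags & 0x1:
        findings.append("ANR bit (4) set without the attribute index bit (1)")
    if record["cn"] in SECRET_ATTRIBUTES:
        if str(record.get("isMemberOfPartialAttributeSet", "FALSE")).upper() == "TRUE":
            findings.append("secret-bearing attribute is replicated to every global catalog")
        if not flags & 0x8:
            findings.append("secret-bearing attribute is not preserved in the tombstone")
    return findings

def audit_schema(records):
    """Return {cn: findings} for every record that has at least one finding."""
    return {r["cn"]: audit_attribute(r) for r in records if audit_attribute(r)}

# Constructed sample definitions (values are not the real schema's settings).
SAMPLE_SCHEMA = [
    {"cn": "dp-Master-Key", "searchFlags": 0, "isMemberOfPartialAttributeSet": "TRUE"},
    {"cn": "dp-User-Account-Control", "searchFlags": 4, "isMemberOfPartialAttributeSet": "FALSE"},
    {"cn": "dp-User-Recovery-Key", "searchFlags": 9, "isMemberOfPartialAttributeSet": "FALSE"},
]
```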

Schema classes summary

| Class | Description |
| --- | --- |
| dp-Authentication-Servers-Container | Object Class Container for Authentication Server objects. |
| dp-User-Secret | Object Class used to represent application secure data of a user (i.e., the user's encryption key). |
| dp-Service-Configuration | Object Class used to represent global configuration information such as schema version and license. |
| dp-Authentication-Service-Connection-Point | Object Class used to represent an Authentication Server. The class contains information about the Authentication Server version, service principal name, binding information, etc. |
| dp-OTP-Token | Object Class used to represent hardware OTP tokens. |

Class structure

| Class property | Description |
| --- | --- |
| adminDisplayName | Display name of this object for use in directory service administrative tools. |
| adminDescription | Description of this object for use in directory service administrative tools. |
| cn | Common name. |
| lDAPDisplayName | The name used by LDAP clients to refer to the object's class. |
| objectClass | The class of which this object is an instance. |
| objectCategory | Reference to an object class or one of its superclasses, which is used when searching for this object. |
| objectClassCategory | 1 = structural class; 2 = abstract class; 3 = auxiliary class. |
| defaultObjectCategory | Object-Category used in queries for objects of this class. |
| rDNAttID | Attribute name used as the Relative Distinguished Name (RDN) for this class. |
| subClassOf | Immediate superclass of this class. |
| systemAuxiliaryClass | Auxiliary classes that this class inherits from. |
| governsID | A unique OID identifying the class. |
| schemaIDGUID | A GUID that uniquely identifies this object. You can use this string value in an ACE to control access to objects of this class. |
| defaultSecurityDescriptor | The default security descriptor for new instances of this class. |
| defaultHidingValue | TRUE means that new object instances are hidden in the administrative snap-ins and the Windows shell; FALSE covers all other situations. |
| showInAdvancedViewOnly | TRUE means that the object will appear only in the Advanced View of the Users and Computers snap-in, and not in the Windows shell. FALSE means that the object will appear in the Normal View of the Users and Computers snap-in and in the Windows shell. |
| systemPossSuperiors | Structural classes that can be containers of instances of this class. For the complete set of classes that can contain this class, you must include, in addition to any values shown on the left, those inherited from its superclasses as listed in the subClassOf attribute above. |
| systemOnly | TRUE means that only Active Directory can modify the class of this object. FALSE means users can make the modification as well. |
| systemMustContain | Mandatory attributes that MUST be present on instances of this class. For the complete set of mandatory attributes for this class, you must include, in addition to any values shown on the left, those inherited from its superclasses as listed in the subClassOf attribute above and/or those derived from any of its auxiliary classes as specified in the systemAuxiliaryClass attribute above and as inherited from its superclasses. |
| systemMayContain | Optional attributes that may be present on instances of this class. For the complete set of optional attributes for this class, you must include, in addition to any values shown on the left, those inherited from its superclasses as listed in the subClassOf attribute above and/or those derived from any of its auxiliary classes as specified in the systemAuxiliaryClass attribute above and as inherited from its superclasses. |

Standard Classes Extensions

The following Active Directory classes are extended in the Active Directory database to support DigitalPersona AD.

| Class | mayContain |
| --- | --- |
| User | dp-User-Account-Control, dp-User-Credentials-Data, dpUserLogonPolicy, dpUserPublicKey, dpUserPayload, dpUserRecoveryKey, dpLockoutTime |
| Computer | dpRecoveryPasswordLastSetTime, dpRecoveryPassword, dpMasterKey |