MS-DS-Per-User-Trust-Quota attribute
Article 12/14/2020
3 contributors
Feedback
In this article
Used to enforce a per-user quota for creating Trusted-Domain objects that are authorized by the new control access right, Create-Inbound-Forest-Trust. This attribute limits the number of Trusted-Domain objects that can be created by a single non-admin user.
Entry
Value
CN
MS-DS-Per-User-Trust-Quota
Ldap-Display-Name
msDS-PerUserTrustQuota
Size
-
Update Privilege
Domain administrator
Update Frequency
At forest creation and rarely after that.
Attribute-Id
1.2.840.113556.1.4.1788
System-Id-Guid
d161adf0-ca24-4993-a3aa-8b2c981302e8
Syntax
Enumeration
Implementations
Windows Server 2003
Entry
Value
Link-Id
-
MAPI-Id
-
System-Only
False
Is-Single-Valued
True
Is Indexed
False
In Global Catalog
False
NT-Security-Descriptor
O:BAG:BAD:S:
Range-Lower
-
Range-Upper
-
Search-Flags
0x00000000
System-Flags
0x00000010
Classes used in
Sam-Domain
Windows Server 2003 R2
Entry
Value
Link-Id
-
MAPI-Id
-
System-Only
False
Is-Single-Valued
True
Is Indexed
False
In Global Catalog
False
NT-Security-Descriptor
O:BAG:BAD:S:
Range-Lower
-
Range-Upper
-
Search-Flags
0x00000000
System-Flags
0x00000010
Classes used in
Sam-Domain
Windows Server 2008
Entry
Value
Link-Id
-
MAPI-Id
-
System-Only
False
Is-Single-Valued
True
Is Indexed
False
In Global Catalog
False
NT-Security-Descriptor
O:BAG:BAD:S:
Range-Lower
-
Range-Upper
-
Search-Flags
0x00000000
System-Flags
0x00000010
Classes used in
Sam-Domain
Windows Server 2008 R2
Entry
Value
Link-Id
-
MAPI-Id
-
System-Only
False
Is-Single-Valued
True
Is Indexed
False
In Global Catalog
False
NT-Security-Descriptor
O:BAG:BAD:S:
Range-Lower
-
Range-Upper
-
Search-Flags
0x00000000
System-Flags
0x00000010
Classes used in
Sam-Domain
Windows Server 2012
Entry
Value
Link-Id
-
MAPI-Id
-
System-Only
False
Is-Single-Valued
True
Is Indexed
False
In Global Catalog
False
NT-Security-Descriptor
O:BAG:BAD:S:
Range-Lower
-
Range-Upper
-
Search-Flags
0x00000000
System-Flags
0x00000010
Classes used in
Sam-Domain