What does samAccountType in groups of Active Directory mean?

c# active-directory ldap active-directory-group

10,654

Solution 1

SAM-Account-Name (mentioned in your question's title) is the short name of the group.

It's there to provide compatibility with Windows NT 4 / Windows 98 systems, where account names (including group names) were limited to 19 characters.

SAM-Account-Type (mentioned in your question's body) is the account type. It can take the following values:

SAM_DOMAIN_OBJECT              0x0
SAM_GROUP_OBJECT               0x10000000
SAM_NON_SECURITY_GROUP_OBJECT  0x10000001
SAM_ALIAS_OBJECT               0x20000000
SAM_NON_SECURITY_ALIAS_OBJECT  0x20000001
SAM_USER_OBJECT                0x30000000
SAM_MACHINE_ACCOUNT            0x30000001
SAM_TRUST_ACCOUNT              0x30000002
SAM_APP_BASIC_GROUP            0x40000000
SAM_APP_QUERY_GROUP            0x40000001

Not surprisingly (since you're working with groups), the numbers in your question map to SAM_GROUP_OBJECT, SAM_NON_SECURITY_GROUP_OBJECT and SAM_ALIAS_OBJECT, respectively.

Solution 2

It's an identifier for the object type, See here.

10,654

Author by

Farzad J

Updated on June 22, 2022

Comments

Farzad J almost 2 years
I'm using this query by C# in Active Directory:
```
DirectoryEntry de = new DirectoryEntry("LDAP://" + this.rootLDAP);
DirectorySearcher ds = new DirectorySearcher(de, "(&(objectcategory=Group))");
```
It works just fine.

But one of the properties which it returns is called "samAccountType" and it has the below values :
```
268435456
268435457
536870912
```
What does it mean?