| Code | Field | Name | Description |
|---|---|---|---|
| 0x1 | Active Directory Access Codes and Rights | Create Child | The right to create child objects of the object. |
| 0x2 | Active Directory Access Codes and Rights | Delete Child | The right to delete child objects of the object. |
| 0x4 | Active Directory Access Codes and Rights | List Contents | The right to list child objects of this object. |
| 0x8 | Active Directory Access Codes and Rights | SELF | The right to perform an operation controlled by a validated write access right. |
| 0x10 | Active Directory Access Codes and Rights | Read Property | The right to read properties of the object. |
| 0x20 | Active Directory Access Codes and Rights | Write Property | The right to write properties of the object. |
| 0x40 | Active Directory Access Codes and Rights | Delete Tree | Delete all children of this object, regardless of the permissions of the children. It is indicates that “Use Delete Subtree server control” check box was checked during deletion. This operation means that all objects within the subtree, including all delete-protected objects, will be deleted. |
| 0x80 | Active Directory Access Codes and Rights | List Object | The right to list a particular object. |
| 0x100 | Active Directory Access Codes and Rights | Control Access | Access allowed only after extended rights checks supported by the object are performed. The right to perform an operation controlled by an extended access right. |
| 0x10000 | Active Directory Access Codes and Rights | DELETE | The right to delete the object. DELETE also generated when object was moved. |
| 0x20000 | Active Directory Access Codes and Rights | READ_CONTROL | The right to read data from the security descriptor of the object, not including the data in the SACL. |
| 0x40000 | Active Directory Access Codes and Rights | WRITE_DAC | The right to modify the discretionary access-control list (DACL) in the object security descriptor. |
| 0x80000 | Active Directory Access Codes and Rights | WRITE_OWNER | The right to assume ownership of the object. The user must be an object trustee. The user cannot transfer the ownership to other users. |
| 0x100000 | Active Directory Access Codes and Rights | SYNCHRONIZE | The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. |
| 0x1000000 | Active Directory Access Codes and Rights | ADS_RIGHT_ACCESS_SYSTEM_SECURITY | The right to get or set the SACL in the object security descriptor. |
| 0x80000000 | Active Directory Access Codes and Rights | ADS_RIGHT_GENERIC_READ | The right to read permissions on this object, read all the properties on this object, list this object name when the parent container is listed, and list the contents of this object if it is a container. |
| 0x40000000 | Active Directory Access Codes and Rights | ADS_RIGHT_GENERIC_WRITE | The right to read permissions on this object, write all the properties on this object, and perform all validated writes to this object. |
| 0x20000000 | Active Directory Access Codes and Rights | ADS_RIGHT_GENERIC_EXECUTE | The right to read permissions on, and list the contents of, a container object. |
| 0x10000000 | Active Directory Access Codes and Rights | ADS_RIGHT_GENERIC_ALL | The right to create or delete child objects, delete a subtree, read and write properties, examine child objects and the object itself, add and remove the object from the directory, and read or write with an extended right. |