1 Introduction

This is the primary specification for Active Directory, both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). The state model for this specification is prerequisite to the other specifications for Active Directory: [MS-DRSR] and [MS-SRPL].

When no operating system version information is specified, information in this document applies to all relevant versions of Windows. Similarly, when no DC functional level is specified, information in this document applies to all DC functional levels.

Unless otherwise specified, information in this specification is also applicable to Active Directory Application Mode (ADAM). ADAM is a standalone application that provides AD LDS capabilities on Windows XP operating system and Windows Server 2003 operating system. There are two versions of ADAM, ADAM RTW and ADAM SP1; unless otherwise specified, where ADAM is discussed in this document it refers to both versions.

Information that is applicable to AD LDS on Windows Server 2008 operating system is also applicable to Active Directory Lightweight Directory Services (AD LDS) for Windows Vista, except where it is explicitly specified that such information is not applicable to that product. AD LDS for Windows Vista is a standalone application that provides AD LDS capabilities for Windows Vista operating system. Similarly, unless it is explicitly specified otherwise, information that is applicable to AD LDS on Windows Server 2008 R2 operating system is also applicable to the standalone application Active Directory Lightweight Directory Services (AD LDS) for Windows 7, which provides AD LDS capabilities for Windows 7 operating system. Similarly, unless it is explicitly specified otherwise, information that is applicable to AD LDS on Windows Server 2012 operating system is also applicable to the stand-alone application Active Directory Lightweight Directory Services (AD LDS) for Windows 8 operating system, which provides AD LDS capabilities for Windows 8 operating system. Finally, unless it is explicitly specified otherwise, information that is applicable to AD LDS on Windows Server 2012 R2 operating system is also applicable to the stand-alone application Active Directory Lightweight Directory Services (AD LDS) for Windows 8.1 operating system, which provides AD LDS capabilities for Windows 8.1 operating system.

State is included in the state model for this specification only as necessitated by the requirement that a licensee implementation of Windows Server protocols be able to receive messages and respond in the same manner as a Windows Server. Behavior is specified in terms of request message received, processing based on current state, resulting state transformation, and response message sent. Unless otherwise specified in the sections that follow, all of the behaviors are required for interoperability.

The following typographical convention is used to indicate the special meaning of certain names:

For clarity, bit flags are sometimes shown as bit field diagrams. In the case of bit flags for Lightweight Directory Access Protocol (LDAP) attributes, these diagrams take on big-endian characteristics but do not reflect the actual byte ordering of integers over the wire, because LDAP transfers an integer as the UTF-8 string of the decimal representation of that integer, as specified in [RFC2252].

Pervasive Concepts

The following concepts are pervasive throughout this specification.

This specification uses [KNUTH1] section 2.3.4.2 as a reference for the graph-related terms oriented tree, root, vertex, arc, initial vertex, and final vertex.

replica: A variable containing a set of objects.

attribute: An identifier for a value or set of values. See also attribute in the Glossary section.

object: A set of attributes, each with its associated values. Two attributes of an object have special significance:

  • Identifying attribute. A designated single-valued attribute appears on every object; the value of this attribute identifies the object. For the set of objects in a replica, the values of the identifying attribute are distinct.

  • Parent-identifying attribute. A designated single-valued attribute appears on every object; the value of this attribute identifies the object's parent. That is, this attribute contains the value of the parent's identifying attribute, or a reserved value identifying no object (for more information, see section 3.1.1.1.3). For the set of objects in a replica, the values of this parent-identifying attribute define an oriented tree with objects as vertices and child-parent references as directed arcs, with the child as an arc's initial vertex and the parent as an arc's final vertex.

Note that an object is a value, not a variable; a replica is a variable. The process of adding, modifying, or deleting an object in a replica replaces the entire value of the replica with a new value.

As the word replica suggests, it is often the case that two replicas contain "the same objects." In this usage, objects in two replicas are considered "the same" if they have the same value of the identifying attribute and if there is a process in place (replication) to converge the values of the remaining attributes. When the members of a set of replicas are considered to be the same, it is common to say "an object" as a shorthand way of referring to the set of corresponding objects in the replicas.

object class: A set of restrictions on the construction and update of objects. An object class must be specified when creating an object. An object class specifies a set of must-have attributes (every object of the class must have at least one value of each) and may-have attributes (every object of the class may have a value of each). An object class also specifies a set of possible superiors (the parent object of an object of the class must have one of these classes). An object class is defined by a classSchema object.

parent object: See "object", above.

child object, children: An object that is not the root of its oriented tree. The children of an object o are the set of all objects whose parent is o.

See section 3.1.1.1.3 for the particular use made of these definitions in this specification.
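The replica/object/attribute vocabulary above, modelled as an added example (not code from the specification): a replica is a variable holding an immutable set of objects, adding an object yields a new replica value, identifying-attribute values must be distinct, and the parent-identifying attribute is checked to form an oriented tree. The `ident`/`parent` field names, the use of `None` for the reserved "no object" value, and the sample objects are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed model of the vocabulary above: `ident` is the identifying
# attribute, `parent` the parent-identifying attribute, and None stands in
# for the reserved "no object" value (an assumption; the real encoding is
# defined in section 3.1.1.1.3, not here).

@dataclass(frozen=True)
class Obj:
    ident: str
    parent: Optional[str]
    attrs: Tuple[Tuple[str, Tuple[str, ...]], ...] = ()

Replica = FrozenSet[Obj]   # a replica is a variable holding a set of objects

def add_object(replica: Replica, obj: Obj) -> Replica:
    """Return a NEW replica value containing obj; the old value is unchanged."""
    if any(o.ident == obj.ident for o in replica):
        raise ValueError(f"identifying attribute not distinct: {obj.ident}")
    if obj.parent is not None and not any(o.ident == obj.parent for o in replica):
        raise ValueError(f"parent {obj.parent!r} is not in the replica")
    return replica | {obj}

def children(replica: Replica, ident: str) -> FrozenSet[str]:
    """children(o): every object whose parent-identifying attribute names o."""
    return frozenset(o.ident for o in replica if o.parent == ident)

def is_oriented_tree(replica: Replica) -> bool:
    """One root, every parent reference resolves, no cycles."""
    by_id = {o.ident: o for o in replica}
    if len(by_id) != len(replica):          # identifying values not distinct
        return False
    if sum(1 for o in replica if o.parent is None) != 1:
        return False
    for o in replica:
        seen, cur = set(), o
        while cur.parent is not None:       # walk child -> parent arcs to the root
            if cur.ident in seen or cur.parent not in by_id:
                return False
            seen.add(cur.ident)
            cur = by_id[cur.parent]
    return True

# Constructed sample replica: root -> users -> alice
EMPTY: Replica = frozenset()
R1 = add_object(EMPTY, Obj("root", None, (("objectClass", ("top",)),)))
R2 = add_object(R1, Obj("users", "root"))
R3 = add_object(R2, Obj("alice", "users", (("objectClass", ("user",)),)))
```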

Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.

© 2014 Microsoft