0 out of 1 rated this helpful - Rate this topic

3.1.1.3.2 rootDSE Attributes

Note: Some of the information in this section is subject to change because it applies to a preliminary implementation of the protocol or structure. For information about specific differences between versions, see the behavior notes that are provided in the Product Behavior appendix.

This section specifies the readable attributes on the rootDSE of Microsoft Windows® 2000 operating system, Windows Server® 2003 operating system, Active Directory® Application Mode (ADAM), Windows Server® 2008 operating system, Windows Server® 2008 R2 operating system, and Windows Server® 8 Beta operating system DCs (both AD DS and AD LDS).

All of these rootDSE attributes are read-only; an LDAP request to modify any of them will be rejected with the error unwillingToPerform / <unrestricted>.

The rootDSE attributes are not described by the schema, but occurrences of rootDSE attribute names are underlined in this document as per the convention for any other LDAP attribute.

The following table specifies which of these rootDSE attributes are supported by each Microsoft Windows® Server operating system or ADAM version.

Attribute name	Windows 2000	Windows Server 2003	ADAM	Windows Server 2008 AD DS	Windows Server 2008 AD LDS	Windows Server 2008 R2 AD DS	Windows Server 2008 R2 AD LDS	Windows Server 8 Beta AD DS	Windows Server 8 Beta AD LDS
configurationNamingContext	X	X	X	X	X	X	X	X	X
currentTime	X	X	X	X	X	X	X	X	X
defaultNamingContext	X	X	X	X	X	X	X	X	X
dNSHostName	X	X	X	X	X	X	X	X	X
dsSchemaAttrCount	X	X	X	X	X	X	X	X	X
dsSchemaClassCount	X	X	X	X	X	X	X	X	X
dsSchemaPrefixCount	X	X	X	X	X	X	X	X	X
dsServiceName	X	X	X	X	X	X	X	X	X
highestCommittedUSN	X	X	X	X	X	X	X	X	X
isGlobalCatalogReady	X	X		X		X		X
isSynchronized	X	X	X	X	X	X	X	X	X
ldapServiceName	X	X		X		X		X
namingContexts	X	X	X	X	X	X	X	X	X
netlogon	X	X		X		X		X
pendingPropagations	X	X	X	X	X	X	X	X	X
rootDomainNamingContext	X	X		X		X		X
schemaNamingContext	X	X	X	X	X	X	X	X	X
serverName	X	X	X	X	X	X	X	X	X
subschemaSubentry	X	X	X	X	X	X	X	X	X
supportedCapabilities	X	X	X	X	X	X	X	X	X
supportedControl	X	X	X	X	X	X	X	X	X
supportedLDAPPolicies	X	X	X	X	X	X	X	X	X
supportedLDAPVersion	X	X	X	X	X	X	X	X	X
supportedSASLMechanisms	X	X	X	X	X	X	X	X	X
domainControllerFunctionality		X	X	X	X	X	X	X	X
domainFunctionality		X		X		X		X
forestFunctionality		X	X	X	X	X	X	X	X
msDS-ReplAllInboundNeighbors		X	X	X	X	X	X	X	X
msDS-ReplAllOutboundNeighbors		X	X	X	X	X	X	X	X
msDS-ReplConnectionFailures		X	X	X	X	X	X	X	X
msDS-ReplLinkFailures		X	X	X	X	X	X	X	X
msDS-ReplPendingOps		X	X	X	X	X	X	X	X
msDS-ReplQueueStatistics		X	X	X	X	X	X	X	X
msDS-TopQuotaUsage		X	X	X	X	X	X	X	X
supportedConfigurableSettings		X	X	X	X	X	X	X	X
supportedExtension		X	X	X	X	X	X	X	X
validFSMOs		X	X	X	X	X	X	X	X
dsaVersionString			X	X	X	X	X	X	X
msDS-PortLDAP			X	X	X	X	X	X	X
msDS-PortSSL			X	X	X	X	X	X	X
msDS-PrincipalName			X	X	X	X	X	X	X
serviceAccountInfo			X	X	X	X	X	X	X
spnRegistrationResult			X	X	X	X	X	X	X
tokenGroups			X	X	X	X	X	X	X
usnAtRifm				X	X	X	X	X	X

The following table shows, for each rootDSE attribute, whether or not the attribute is operational (that is, whether the server returns the attribute only when it is explicitly requested) and the LDAP syntax of the returned value.

Attribute name	Operational?	LDAP syntax
configurationNamingContext	N	Object(DS-DN)
currentTime	N	String(Generalized-Time)
defaultNamingContext	N	Object(DS-DN)
dNSHostName	N	String(Unicode)
dsSchemaAttrCount	Y	Integer
dsSchemaClassCount	Y	Integer
dsSchemaPrefixCount	Y	Integer
dsServiceName	N	Object(DS-DN)
highestCommittedUSN	N	LargeInteger
isGlobalCatalogReady	N	Boolean
isSynchronized	N	Boolean
ldapServiceName	N	String(Unicode)
namingContexts	N	Object(DS-DN)
netlogon	Y	String(Octet)
pendingPropagations	Y	Object(DS-DN)
rootDomainNamingContext	N	Object(DS-DN)
schemaNamingContext	N	Object(DS-DN)
serverName	N	Object(DS-DN)
subschemaSubentry	N	Object(DS-DN)
supportedCapabilities	N	String(Object-Identifier)
supportedControl	N	String(Object-Identifier)
supportedLDAPPolicies	N	String(Unicode)
supportedLDAPVersion	N	Integer
supportedSASLMechanisms	N	String(Unicode)
domainControllerFunctionality	N	Integer
domainFunctionality	N	Integer
forestFunctionality	N	Integer
msDS-ReplAllInboundNeighbors	Y	String(Unicode)*
msDS-ReplAllOutboundNeighbors	Y	String(Unicode)*
msDS-ReplConnectionFailures	Y	String(Unicode)*
msDS-ReplLinkFailures	Y	String(Unicode)*
msDS-ReplPendingOps	Y	String(Unicode)*
msDS-ReplQueueStatistics	Y	String(Unicode)*
msDS-TopQuotaUsage	Y	String(Unicode)**
supportedConfigurableSettings	Y	String(Unicode)
supportedExtension	Y	String(Object-Identifier)
validFSMOs	Y	Object(DS-DN)
dsaVersionString	Y	String(Unicode)
msDS-PortLDAP	Y	Integer
msDS-PortSSL	Y	Integer
msDS-PrincipalName	Y	String(Unicode)
serviceAccountInfo	Y	String(Unicode)
spnRegistrationResult	Y	Integer
tokenGroups	Y	String (SID)
usnAtRifm	Y	LargeInteger

* These values contain XML. At the client's request, the server will return the value as binary data in String(Octet) syntax instead.

** This value contains XML.

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)