The Security Account Manager (SAM) Remote Protocol (Client-to-Server) provides management functionality for an account store or directory containing users and groups. Users should familiarize themselves with the following documents: Windows System Overview [MS-SYS], Windows Protocols Overview [MS-WPO], and Active Directory Technical Specification [MS-ADTS].
This protocol exposes the "account database" referred to in [MS-AUTHSOD] section 18.104.22.168, both for local and remote domains. This document specifies the behavior for local and remote domains by having a common data model for both scenarios: the Active Directory data model, as specified in [MS-ADTS]. In addition, this document specifies the differences in behavior between these scenarios when necessary.
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.