Technology Summary for System.DirectoryServices.ActiveDirectory

System.DirectoryServices.ActiveDirectory is a component of the .NET Framework that enables programs to perform Active Directory Domain Services management tasks related to partitions, schema, replication, trusts, and Active Directory Domain Services configuration.

System.DirectoryServices.ActiveDirectory is a simplified, straightforward interface to Active Directory Domain Services and AD LDS that is useful for application developers and system administrators who are automating common management tasks. While some of the functionality provided by this namespace is available through existing System.DirectoryServices classes, many tasks can be performed with fewer lines of code and less-detailed knowledge of Active Directory Domain Services when using System.DirectoryServices.ActiveDirectory.

Keywords

Active Directory Domain Services Management, Active Directory Domain Services Scripting, management application, Active Directory Domain Services Schema, replication, forests, trusts, AD LDS

System.DirectoryServices.ActiveDirectory

System.DirectoryServices

Many of the same tasks that can be accomplished with System.DirectoryServices.ActiveDirectory objects can also be accomplished with System.DirectoryServices objects. Classes in System.DirectoryServices provide general access to various directory services, including Active Directory Domain Services, LDAP-based directories, SAM, Novell Netware, and IIS directories. System.DirectoryServices.ActiveDirectory offers a simplified model for accessing and manipulating common Active Directory Domain Services-specific objects such as domains, schema properties, trust relationships, and replication schedules. A great percentage of the functionality that is provided by System.DirectoryServices.ActiveDirectory is not supported in System.DirectoryServices. Even when System.DirectoryServices does support equivalent functionality, because of the generalized nature of System.DirectoryServices, the application developer must write more code to perform the same operations.

System.DirectoryServices.Protocols

The System.DirectoryServices.Protocols namespace provides generic programmatic access and management of directory services through Lightweight Directory Access Protocol (LDAP) version 3.0 (V3) and Directory Services Markup Language (DSML) version 2.0 (V2) standards. System.DirectoryServices.Protocols provides the greatest level of control and highest performance for managed LDAP programming. As with System.DirectoryServices, System.DirectoryServices.Protocols is not designed specifically for Active Directory Domain Services and AD LDS tasks.

DSML Services for Windows

Directory Services Markup Language (DSML) Services for Windows enables applications to use XML documents to read from and write to Active Directory Domain Services using SOAP-DSML messages. When using this technology, COM objects such as the MS XML object are employed for processing messages. For DSML processing with .NET Native interfaces, use the interfaces in the System.DirectoryServices.Protocols namespace. For more information about DSML Services for Windows, see "DSML Services for Windows" in Directory Services, under the Win32 and COM Development SDK Documentation sub-heading in the MSDN Library.

Active Directory Domain Services COM Interfaces and Win32 Functions

Active Directory Domain Services COM interfaces and Win32 functions enable Win32-based programs to access Active Directory Domain Services-specific management objects and to integrate with the MMC Active Directory snap-in. These technologies interact with Active Directory Domain Services at a very low level of the directory and therefore usually require more complex programming than is needed to accomplish the same tasks with the System.DirectoryServices and System.DirectoryServices.ActiveDirectory namespaces. They also provide some functionality that is not offered by the managed classes, so the Active Directory Domain Services COM interfaces and Win32 functions must be used when implementing certain types of applications such as additions to MMC snap-in pages. For more information about these technologies, see “Active Directory Domain Services” in Directory Services, under the Win32 and COM Development SDK Documentation sub-heading in the MSDN Library.

ADSI

The Active Directory Service Interfaces (ADSI) are a set of Automation and non-Automation COM interfaces that provide access to Active Directory Domain Services-specific management objects, application objects, and the Active Directory Domain Services schema. The Automation interfaces in ADSI can be used for scripting. Languages such as C++, C#, and VB.NET, which also support non-Automation COM interfaces, can use both types of interfaces for application development. For more information about ADSI, see "Active Directory Service Interfaces" in Directory Services, under the Win32 and COM Development SDK Documentation sub-heading in the MSDN Library.

LDAP

The Lightweight Directory Access Protocol (LDAP) API provides access to LDAP-based directories, including Active Directory Domain Services. It uses the standard LDAP protocol to access, search and manipulate directory entries. Like Active Directory Domain Services COM interfaces and Win32 functions, LDAP enables the developer to access objects through their directory paths. However, since LDAP has no inherent knowledge of the specific structure of Active Directory Domain Services, an LDAP-based Active Directory Domain Services application is usually more complex and involves more code than other approaches to Active Directory Domain Services application development. For more information about LDAP, see “Lightweight Directory Access Protocol” in Directory Services, under the Win32 and COM Development SDK Documentation sub-heading in the MSDN Library.

Background

The System.DirectoryServices.ActiveDirectory namespace contains a set of .NET classes that simplify the development of applications that manage and access the contents of Active Directory Domain Services.

Earlier releases of the .NET Framework enabled application developers to access Active Directory Domain Services entries with the System.DirectoryServices namespace. However, because System.DirectoryServices was developed to provide access to many different types of directory services, not just to Active Directory Domain Services, it did not contain classes that provided direct access to features specific to Active Directory Domain Services and AD LDS such as partitions (which consist of forests and domains) and topologies (which consist of sites, subnets, and sitelinks). These elements are accessible through System.DirectoryServices if the developer knows the path to the element of interest and correctly constructs the string representing the path, as are all objects stored in Active Directory Domain Services, but the System.DirectoryServices namespace itself has no awareness of the structure of Active Directory Domain Services. Additionally, sometimes two or more elements had to be retrieved or updated to accomplish Active Directory Domain Services administration tasks.

Due to increasing reliance on Active Directory Domain Services for directory services in many organizations, application developers needed a more straightforward way to access and update topology information and to control Active Directory Domain Services processes. This new mechanism would require only minimal knowledge of the internal structure of the Active Directory Domain Services schema, and it would allow developers to perform common Active Directory Domain Services-related tasks in as few lines of application code as possible. System.DirectoryServices.ActiveDirectory was designed to meet those needs.

Applications written with the .NET Framework can use System.DirectoryServices.ActiveDirectory classes such as Forest, Domain, and ActiveDirectorySiteLink to enumerate and explore the topology of an Active Directory Domain Services tree. The application developer needs to know only the position of an object in a hierarchy, such as that the domain named "sales" is in the "contoso.com" forest, in order to reference it using the System.DirectoryServices.ActiveDirectory classes. Similarly, the developer can inspect and control the progress of operations on Active Directory Domain Services through classes such as ReplicationOperation and query or modify the Active Directory Domain Services schema itself through classes such as ActiveDirectorySchema.

A developer might occasionally want to access additional functionality that is made available by System.DirectoryServices, while also taking advantage of the System.DirectoryServices.ActiveDirectory classes to navigate the Active Directory Domain Services topology. To facilitate this, an application can often obtain a reference to the actual DirectoryEntry object that corresponds to an object of interest in the System.DirectoryServices.ActiveDirectory namespace. The application can then use the DirectoryEntry object to access functionality, such as reading and writing Active Directory Domain Services entry security descriptors, that is available through classes in the System.DirectoryServices namespace.
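The hand-off from a Domain object to its DirectoryEntry described above, shown as an added example (not part of the original documentation): it reads the security descriptor of the domain head and lists explicit allow entries that grant control-level rights. The class name, the choice of rights to flag, and the output format are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.AccessControl;
using System.Security.Principal;

static class DomainHeadAclAudit   // hypothetical name, not a framework class
{
    // Rights worth reviewing on the domain head. GenericAll contains all three
    // bits, so entries granting full control are reported as well.
    const ActiveDirectoryRights Sensitive =
        ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.WriteOwner |
        ActiveDirectoryRights.ExtendedRight;

    static void Main()
    {
        // Assumption: domain-joined host, account allowed to read the DACL.
        using (Domain domain = Domain.GetCurrentDomain())
        using (DirectoryEntry head = domain.GetDirectoryEntry())
        {
            Console.WriteLine("Auditing {0}", head.Properties["distinguishedName"].Value);

            // Explicit entries only (includeExplicit = true, includeInherited = false).
            AuthorizationRuleCollection rules =
                head.ObjectSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier));

            foreach (ActiveDirectoryAccessRule rule in rules)
            {
                if (rule.AccessControlType != AccessControlType.Allow) continue;
                if ((rule.ActiveDirectoryRights & Sensitive) == 0) continue;

                // ObjectType is the GUID of the specific extended right or
                // property; Guid.Empty means the entry applies to all of them.
                Console.WriteLine("{0,-45} {1} objectType={2}",
                    Resolve(rule.IdentityReference), rule.ActiveDirectoryRights, rule.ObjectType);
            }
        }
    }

    // Translate a SID to DOMAIN\name; keep the raw SID when it cannot be mapped
    // (deleted accounts, principals from an unreachable trusted domain).
    static string Resolve(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }
}
```

Entries that resolve only to a raw SID deserve a second look, since they usually belong to deleted principals or to a trusted domain that is no longer reachable.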

For more information about the System.DirectoryServices and System.DirectoryServices.ActiveDirectory namespaces, see the .NET Framework Class Library Reference. The .NET Framework also contains general .NET Framework programming information.

An application uses instances of the topology-related classes in the System.DirectoryServices.ActiveDirectory namespace to access a specific topology object, such as a particular domain controller in a particular Active Directory Domain Services forest, or to enumerate the items in a collection of topology objects, such as all subnets in a site. These classes can also be used to query or update relationships between topology objects, such as forest and domain trusts.
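An added example of the topology and trust enumeration described above (not part of the original documentation): it walks the current forest, lists each domain's controllers, and reports every trust with its SID filtering state. The class and helper names and the output format are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;

static class TopologyAndTrustInventory   // hypothetical name, not a framework class
{
    static void Main()
    {
        // Assumption: domain-joined host; the caller's own credentials are used.
        using (Forest forest = Forest.GetCurrentForest())
        {
            Console.WriteLine("Forest {0}", forest.Name);
            foreach (TrustRelationshipInformation t in forest.GetAllTrustRelationships())
                Report(t, () => forest.GetSidFilteringStatus(t.TargetName));

            foreach (Domain domain in forest.Domains)
            {
                Console.WriteLine("Domain {0} (mode {1})", domain.Name, domain.DomainMode);
                foreach (DomainController dc in domain.DomainControllers)
                    Console.WriteLine("  DC {0} site={1} GC={2}",
                        dc.Name, dc.SiteName, dc.IsGlobalCatalog());

                foreach (TrustRelationshipInformation t in domain.GetAllTrustRelationships())
                    Report(t, () => domain.GetSidFilteringStatus(t.TargetName));
            }
        }
    }

    // Print one trust with its SID filtering state. A trust whose state cannot
    // be read is reported as "unknown" instead of aborting the inventory.
    static void Report(TrustRelationshipInformation t, Func<bool> sidFiltering)
    {
        string state;
        try { state = sidFiltering() ? "enabled" : "disabled"; }
        catch (ActiveDirectoryOperationException) { state = "unknown"; }
        catch (ActiveDirectoryObjectNotFoundException) { state = "unknown"; }

        Console.WriteLine("  trust {0} -> {1} type={2} direction={3} sidFiltering={4}",
            t.SourceName, t.TargetName, t.TrustType, t.TrustDirection, state);
    }
}
```

Trusts inside a forest are normally unfiltered, so the entries to review are external and forest trusts that report sidFiltering=disabled.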

An application uses instances of schema-related classes in the System.DirectoryServices.ActiveDirectory namespace to inspect Active Directory Domain Services schema elements and their attributes.

To monitor and configure replication, an application uses the replication-related classes in the System.DirectoryServices.ActiveDirectory namespace.
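An added example of replication monitoring with these classes (not part of the original documentation): for each domain controller in the current domain it reports inbound replication links with consecutive failures and any operations still queued. The class name and output format are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.ActiveDirectory;

static class ReplicationHealthCheck   // hypothetical name, not a framework class
{
    static void Main()
    {
        // Assumption: domain-joined host and an account permitted to read
        // replication state from each domain controller.
        using (Domain domain = Domain.GetCurrentDomain())
        {
            foreach (DomainController dc in domain.DomainControllers)
            {
                try
                {
                    Console.WriteLine("{0} highestUSN={1}", dc.Name, dc.HighestCommittedUsn);

                    foreach (ReplicationNeighbor n in dc.GetAllReplicationNeighbors())
                    {
                        if (n.ConsecutiveFailureCount == 0) continue;   // healthy link
                        Console.WriteLine(
                            "  {0} <- {1}: {2} failures, last success {3:u}, error {4} ({5})",
                            n.PartitionName, n.SourceServer, n.ConsecutiveFailureCount,
                            n.LastSuccessfulSync, n.LastSyncResult, n.LastSyncMessage);
                    }

                    ReplicationOperationInformation info = dc.GetReplicationOperationInformation();
                    foreach (ReplicationOperation op in info.PendingOperations)
                        Console.WriteLine("  pending {0} of {1} from {2}, queued {3:u}",
                            op.OperationType, op.PartitionName, op.SourceServer, op.TimeEnqueued);
                }
                // One unreachable or restricted controller must not hide the rest.
                catch (ActiveDirectoryServerDownException ex)
                {
                    Console.WriteLine("{0} unreachable: {1}", dc.Name, ex.Message);
                }
                catch (ActiveDirectoryOperationException ex)
                {
                    Console.WriteLine("{0} query failed: {1}", dc.Name, ex.Message);
                }
                catch (UnauthorizedAccessException)
                {
                    Console.WriteLine("{0} access denied", dc.Name);
                }
            }
        }
    }
}
```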

The following tables list the main classes that are used when developing applications related to certain functional areas. This is not a complete list of all classes in the namespace.

| Technology area | Classes/interfaces/configuration elements |
| --- | --- |
| Connecting to an Active Directory Domain Services object store (a prerequisite for other tasks) | DirectoryContext |
| Querying or modifying forest configuration data such as forest mode, trusts, machine roles and site lists | Forest |
| Querying or modifying domain configuration data such as domain mode, trusts, machine roles, and domain topology | Domain, DomainCollection, ActiveDirectoryPartition |
| Querying for an application partition’s domain controllers, replicas and security reference domain | ApplicationPartition, ApplicationPartitionCollection, ActiveDirectoryPartition |
| Querying or modifying Active Directory Domain Services or AD LDS directory server configuration data such as replication parameters, site membership and server metadata such as role; performing replication functions | DirectoryServer, DirectoryServerCollection, AdamInstance, AdamInstanceCollection, ConfigurationSet |
| Querying or modifying domain controller configuration data such as default partition, replication parameters, current time, highest USN, and global catalog status; listing all domain controllers; performing replication functions | DomainController, DomainControllerCollection |
| Querying global catalog configuration data such as the list of replicated properties; listing all global catalogs | GlobalCatalog, GlobalCatalogCollection |
| Querying and modifying the site to which a subnet is assigned | ActiveDirectorySubnet, ActiveDirectorySubnetCollection |
| Querying and modifying site information such as its bridgehead servers, adjacent sites, and the list of subnets in the site | ActiveDirectorySite, ActiveDirectorySiteCollection |
| Querying for lists of all transports, site links, and site link bridges; setting parameters to bridge all site links or ignore replication schedule | ActiveDirectoryInterSiteTransport |
| Querying and modifying configuration data for site links and site link bridges | ActiveDirectorySiteLink, ActiveDirectorySiteLinkCollection, ActiveDirectorySiteLinkBridge |
| Querying replication metadata and values | ActiveDirectoryReplicationMetadata, AttributeMetadata, AttributeMetadataCollection |
| Querying and modifying replication configuration data such as schedule, transport type, and connection availability | ReplicationConnection, ReplicationConnectionCollection |
| Querying replication process details such as pending operations, status, last successful sync time, and replication errors | ReplicationCursor, ReplicationCursorCollection, ReplicationNeighbor, ReplicationNeighborCollection, ReplicationOperation, ReplicationOperationCollection, ReplicationOperationInformation, ReplicationFailure, ReplicationFailureCollection |
| Querying schema configuration data, classes and properties; resetting schema cache after making schema changes | ActiveDirectorySchema |
| Querying and modifying schema class details | ActiveDirectorySchemaClass, ActiveDirectorySchemaClassCollection |
| Querying and modifying schema property details | ActiveDirectorySchemaProperty, ActiveDirectorySchemaPropertyCollection |
| Querying and modifying trust configuration information | ForestTrustDomainInformation, ForestTrustDomainInfoCollection, ForestTrustRelationshipCollision, ForestTrustRelationshipCollisionCollection, ForestTrustRelationshipInformation, TrustRelationshipInformation, TrustRelationshipInformationCollection |

What's New

System.DirectoryServices.ActiveDirectory is a new, task-based class hierarchy, introduced in Visual Studio 2005, that simplifies the process of adding Active Directory Domain Services and AD LDS-related functionality to applications.

See Also

Concepts

System.DirectoryServices.ActiveDirectory Namespace Overview

Copyright © 2008 by Microsoft Corporation. All rights reserved.