Active Directory is a server for LDAP. This section specifies the extensions and variations of LDAP that are supported by Active Directory. Except as otherwise noted, all material applies to both AD DS and AD LDS. Also, except as noted, all information applies to all versions of AD DS and AD LDS.

This section is structured as follows:

  • Section documents the interpretation of the LDAP RFCs made by Active Directory and deviations from the LDAP RFCs.

  • The rootDSE (empty DN) is a mechanism for clients of an LDAP server to interact with the server itself, rather than with particular objects contained by the server. Section specifies the rootDSE reads supported by Active Directory, and section specifies the rootDSE updates.

  • LDAP has several extension mechanisms in addition to the rootDSE. Section specifies the LDAP extensions that Active Directory supports.