1 Introduction

The Security Account Manager (SAM) Remote Protocol (Client-to-Server) provides management functionality for an account store or directory containing users and groups. Users should familiarize themselves with the following documents: Windows System Overview [MS-SYS-ARCHIVE], Windows Protocols Overview [MS-WPO], and Active Directory Technical Specification [MS-ADTS].

This protocol exposes the "account database" referred to in [MS-AUTHSOD] section, both for local and remote domains. This document specifies the behavior for local and remote domains by having a common data model for both scenarios: the Active Directory data model, as specified in [MS-ADTS]. In addition, this document specifies the differences in behavior between these scenarios when necessary.

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.