3.1 Server Details
This protocol enables create, read, update, and delete semantics over an account domain, as described in [MS-AUTHSOD] section 220.127.116.11. Five abstract objects are exposed through this protocol: server, domain, group, alias, and user. User, group, and alias objects can be created and deleted; all objects can be updated and read.
This specification uses the Active Directory data model, as specified in the entire document of [MS-ADTS], for the server of this protocol. The attribute names specified in this section are normative for the DC configuration. Section 3.1.1 contains a brief overview of that data model that is relevant to this protocol.
Because the behavior of this protocol is very similar between the DC and non-DC configurations, the Active Directory data model is also used for the non-DC configuration. However, when implementing this protocol for the non-DC scenario, the names of attributes in the data model are not normative. For example, it is conceivable that the backing store in a non-DC configuration could be a text file written and read solely by the server of this protocol.