4.1.3 Example of GetADPrincipalAuthorizationGroup

In this section, there is an example of a GetADPrincipalAuthorizationGroup request and a GetADPrincipalAuthorizationGroup response.

GetADPrincipalAuthorizationGroup SOAP request:

 <soapenv:Envelope
     xmlns:wsa="http://www.w3.org/2005/08/addressing"
     xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header>
     <wsa:Action soapenv:mustUnderstand="1">
       http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADPrincipalAuthorizationGroup
     </wsa:Action>
     <ca:Server
         xmlns="http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions"
         xmlns:ca="http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions">
       ldap:389
     </ca:Server>
     <wsa:MessageID>
       urn:uuid:b32c2fe6-2a13-441a-b141-b398ca0fd08b
     </wsa:MessageID>
     <wsa:ReplyTo>
       <wsa:Address>
         http://www.w3.org/2005/08/addressing/anonymous
       </wsa:Address>
     </wsa:ReplyTo>
     <wsa:To soapenv:mustUnderstand="1">net.tcp://server01.fabrikam.com:9389/ActiveDirectoryWebServices/Windows/AccountManagement</wsa:To>
   </soapenv:Header>
   <soapenv:Body
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <GetADPrincipalAuthorizationGroupRequest
         xmlns="http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions">
       <PartitionDN>
         DC=fabrikam,DC=com
       </PartitionDN>
       <PrincipalDN>
         CN=server01,OU=Domain Controllers,DC=fabrikam,DC=com
       </PrincipalDN>
     </GetADPrincipalAuthorizationGroupRequest>
   </soapenv:Body>
 </soapenv:Envelope>

GetADPrincipalAuthorizationGroup SOAP response:

  
 <soapenv:Envelope
     xmlns:wsa="http://www.w3.org/2005/08/addressing"
     xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header>
     <wsa:Action soapenv:mustUnderstand="1">
       http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADPrincipalAuthorizationGroupResponse
     </wsa:Action>
     <wsa:RelatesTo>urn:uuid:b32c2fe6-2a13-441a-b141-b398ca0fd08b</wsa:RelatesTo>
     <wsa:To soapenv:mustUnderstand="1">
       http://www.w3.org/2005/08/addressing/anonymous
     </wsa:To>
   </soapenv:Header>
   <soapenv:Body>
     <GetADPrincipalAuthorizationGroupResponse
         xmlns="http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions">
       <MemberOf xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
         <ActiveDirectoryGroup>
           <DistinguishedName>CN=Domain Controllers,CN=Users,DC=fabrikam,DC=com</DistinguishedName>
           <Name>Domain Controllers</Name>
           <ObjectClass>group</ObjectClass>
           <ObjectGuid>88425dd0-3ef9-4765-a03e-884b9f2eebb5</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
             <sera:string>top</sera:string>
             <sera:string>group</sera:string>
           </ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQUAAAAAAAUVAAAAfoPolY9ew2y2Bh7yBAIAAA==</SID>
           <SamAccountName>Domain Controllers</SamAccountName>
           <GroupScope>Global</GroupScope>
           <GroupType>
             Security
           </GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName xs:nil="true">
           </DistinguishedName>
           <Name>Everyone</Name>
           <ObjectClass xs:nil="true">
           </ObjectClass>
           <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
           </ObjectTypes><ReferenceServer>fabrikam.com
           </ReferenceServer>
           <SID>AQEAAAAAAAEAAAAA</SID>
           <SamAccountName>Everyone</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName>CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=fabrikam,DC=com</DistinguishedName>
           <Name>Pre-Windows 2000 Compatible Access</Name>
           <ObjectClass>group</ObjectClass>
           <ObjectGuid>5d854c1b-9f36-4132-8628-8dd9930c6dc9</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
             <sera:string>top</sera:string>
             <sera:string>group</sera:string>
           </ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQIAAAAAAAUgAAAAKgIAAA==</SID>
           <SamAccountName>Pre-Windows 2000 Compatible Access</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName>CN=Users,CN=Builtin,DC=fabrikam,DC=com</DistinguishedName>
           <Name>Users</Name>
           <ObjectClass>group</ObjectClass>
           <ObjectGuid>ccb22c0e-91f3-4fb5-b790-fef0523de6f5</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
             <sera:string>top</sera:string>
             <sera:string>group</sera:string>
           </ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQIAAAAAAAUgAAAAIQIAAA==</SID>
           <SamAccountName>Users</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName>CN=Windows Authorization Access Group,CN=Builtin,DC=fabrikam,DC=com</DistinguishedName>
           <Name>Windows Authorization Access Group</Name>
           <ObjectClass>group</ObjectClass>
           <ObjectGuid>9c6b0e66-7e63-4c36-8ec8-b02132112877</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
             <sera:string>top</sera:string>
             <sera:string>group</sera:string>
           </ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQIAAAAAAAUgAAAAMAIAAA==</SID>
           <SamAccountName>Windows Authorization Access Group</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName xs:nil="true"></DistinguishedName>
           <Name>Authenticated Users</Name>
           <ObjectClass xs:nil="true"></ObjectClass>
           <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays"></ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQEAAAAAAAULAAAA</SID>
           <SamAccountName>Authenticated Users</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName xs:nil="true"></DistinguishedName>
           <Name>This Organization</Name>
           <ObjectClass xs:nil="true"></ObjectClass>
           <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays"></ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQEAAAAAAAUPAAAA</SID>
           <SamAccountName>This Organization</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName xs:nil="true"></DistinguishedName>
           <Name>ENTERPRISE DOMAIN CONTROLLERS</Name>
           <ObjectClass xs:nil="true"></ObjectClass>
           <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays"></ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQEAAAAAAAUJAAAA</SID>
           <SamAccountName>ENTERPRISE DOMAIN CONTROLLERS</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName>CN=Denied RODC Password Replication Group,CN=Users,DC=fabrikam,DC=com</DistinguishedName>
           <Name>Denied RODC Password Replication Group</Name>
           <ObjectClass>group</ObjectClass>
           <ObjectGuid>61c2546b-9511-41a1-834b-7f1e10129b87</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
             <sera:string>top</sera:string>
             <sera:string>group</sera:string>
           </ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQUAAAAAAAUVAAAAfoPolY9ew2y2Bh7yPAIAAA==</SID>
           <SamAccountName>Denied RODC Password Replication Group</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
         <ActiveDirectoryGroup>
           <DistinguishedName xs:nil="true"></DistinguishedName>
           <Name>Medium Plus Mandatory Level</Name>
           <ObjectClass xs:nil="true"></ObjectClass>
           <ObjectGuid>00000000-0000-0000-0000-000000000000</ObjectGuid>
           <ObjectTypes xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays"></ObjectTypes>
           <ReferenceServer>fabrikam.com</ReferenceServer>
           <SID>AQEAAAAAABAAIQAA</SID>
           <SamAccountName>Medium Plus Mandatory Level</SamAccountName>
           <GroupScope>DomainLocal</GroupScope>
           <GroupType>Security</GroupType>
         </ActiveDirectoryGroup>
       </MemberOf>
     </GetADPrincipalAuthorizationGroupResponse>
   </soapenv:Body>
 </soapenv:Envelope>
Show: