2.1 Endpoints

This section specifies the Web Service endpoints that are used by protocols in the ADWS protocol set. ADWS exposes protocols that can be accessed via an endpoint. Each endpoint can be uniquely identified by a Uniform Resource Identifier (URI). The URIs for the ADWS protocols are shown in the following table. All endpoints use the "net.tcp" URI binding type. For semantics of this binding type, see [MS-NMFTB].

Endpoint URI

Protocol exposed by endpoint

Authentication mechanism (see below)

net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Resource

[WXFR], [MS-WSTIM]

Windows Integrated

net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/ResourceFactory

[MS-WSTIM]

Windows Integrated

net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Enumeration

[WSENUM], [MS-WSDS]

Windows Integrated

net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/AccountManagement

[MS-ADCAP]

Windows Integrated

net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/TopologyManagement

[MS-ADCAP]

Windows Integrated

net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Resource

[WXFR], [MS-WSTIM]

Username/password

net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/ResourceFactory

[MS-WSTIM]

Username/password

net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Enumeration

[WSENUM], [MS-WSDS]

Username/password

net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/AccountManagement

[MS-ADCAP]

Username/password

net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/TopologyManagement

[MS-ADCAP]

Username/password

net.tcp://localhost:9389/ActiveDirectoryWebServices/mex

[WSMETA]

None

In the preceding table, "localhost" represents the DNS hostname of the server hosting the endpoint. All endpoints listen on TCP port 9389.

The ADWS protocol set uses two types of authentication. Each endpoint (except for the "mex" endpoint) supports one or the other. The forms of authentication are:

  • Windows Integrated: These endpoints use Transport Layer Security (TLS) [RFC4346] to protect the TCP transport. Integrated Windows authentication using the .Net Negotiate Stream protocol [MS-NNS] is used to authenticate the client to the server at the transport layer and to negotiate the session key used for TLS.

  • Username/password: These endpoints use TLS to protect the TCP transport. TLS is used to negotiate a session key to protect the TCP transport. The client authenticates (at the message layer) to the server by providing a plaintext username and password, as documented in WS-Security [WSS] and the WS-Security UserNameToken profile [WSSUTP1.1].

The "mex" endpoint neither requires nor supports authentication.

Show: