This protocol enables create, read, update, and delete semantics over an account domain, as described in [MS-AUTHSOD] section 1.1.1.5. Five abstract objects are exposed through this protocol: server, domain, group, alias, and user. User, group, and alias objects can be created and deleted; all objects can be updated and read.
This specification uses the Active Directory data model, as specified throughout [MS-ADTS], for the server of this protocol. The attribute names specified in this section are normative for the DC configuration. Section 3.1.1 contains a brief overview of the parts of that data model that are relevant to this protocol.
Because the behavior of this protocol is very similar between the DC and non-DC configurations, the Active Directory data model is also used for the non-DC configuration. However, when implementing this protocol for the non-DC scenario, the names of attributes in the data model are not normative. For example, it is conceivable that the backing store in a non-DC configuration could be a text file written and read solely by the server of this protocol.