ࡱ > % a AW bjbj͚ I\I\n
4 4 D p l $ ra x @ 4# mW oW oW oW oW oW oW $ Dd f * W W H ,a mW mW . 9 A 8*UR . O; YW Ba 0 ra o= T $g $g A A $g A h W W ra $g 4 > r : [MS-ADCAP]: Active Directory Web Services: Custom Action Protocol
Intellectual Property Rights Notice for Open Specifications Documentation
Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.
Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.
No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=214445" Open Specification Promise or the HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=214448" Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting HYPERLINK "mailto:iplg@microsoft.com" iplg@microsoft.com.
Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit HYPERLINK "http://www.microsoft.com/trademarks" www.microsoft.com/trademarks.
Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
Revision Summary
DateRevision HistoryRevision ClassComments12/05/20080.1MajorInitial Availability01/16/20090.1.1EditorialRevised and edited the technical content.02/27/20091.0MajorUpdated and revised the technical content.04/10/20092.0MajorUpdated and revised the technical content.05/22/20093.0MajorUpdated and revised the technical content.07/02/20094.0MajorUpdated and revised the technical content.08/14/20095.0MajorUpdated and revised the technical content.09/25/20096.0MajorUpdated and revised the technical content.11/06/20097.0MajorUpdated and revised the technical content.12/18/20098.0MajorUpdated and revised the technical content.01/29/20109.0MajorUpdated and revised the technical content.03/12/201010.0MajorUpdated and revised the technical content.04/23/201011.0MajorUpdated and revised the technical content.06/04/201012.0MajorUpdated and revised the technical content.07/16/201013.0MajorSignificantly changed the technical content.08/27/201013.1MinorClarified the meaning of the technical content.10/08/201013.1No changeNo changes to the meaning, language, or formatting of the technical content.11/19/201013.1No changeNo changes to the meaning, language, or formatting of the technical content.01/07/201114.0MajorSignificantly changed the technical content.02/11/201114.0No changeNo changes to the meaning, language, or formatting of the technical content.03/25/201114.0No changeNo changes to the meaning, language, or formatting of the technical content.05/06/201114.0No changeNo changes to the meaning, language, or formatting of the technical content.06/17/201114.1MinorClarified the meaning of the technical content.09/23/201114.1No changeNo changes to the meaning, language, or formatting of the technical content.12/16/201115.0MajorSignificantly changed the technical content.03/30/201216.0MajorSignificantly changed the technical content.07/12/201216.0No changeNo changes to the meaning, language, or formatting of the technical content.10/25/201217.0MajorSignificantly changed the technical content.01/31/201317.1MinorClarified the meaning of the technical content.08/08/201318.0MajorSignificantly changed the technical content.11/14/201318.0No changeNo changes to the meaning, language, or formatting of the technical content.02/13/201418.0No changeNo changes to the meaning, language, or formatting of the technical content.05/15/201418.0No changeNo changes to the meaning, language, or formatting of the technical content.
Contents
TOC \f \h \t "DSTOC1-1,1,DSTOC1-2,2,DSTOC1-3,3,DSTOC1-4,4,DSTOC1-5,5,DSTOC1-6,6,DSTOC1-7,7,DSTOC1-8,8,DSTOC1-9,9,DSTOC2-2,2,DSTOC2-3,3,DSTOC2-4,4,DSTOC2-5,5,DSTOC2-6,6,DSTOC2-7,7,DSTOC2-8,8,DSTOC2-9,9,DSTOC3-3,3,DSTOC3-4,4,DSTOC3-5,5,DSTOC3-6,6,DSTOC3-7,7,DST HYPERLINK \l "_Toc386779546" 1 Introduction PAGEREF _Toc386779546 \h 15
HYPERLINK \l "_Toc386779547" 1.1 Glossary PAGEREF _Toc386779547 \h 15
HYPERLINK \l "_Toc386779548" 1.2 References PAGEREF _Toc386779548 \h 18
HYPERLINK \l "_Toc386779549" 1.2.1 Normative References PAGEREF _Toc386779549 \h 18
HYPERLINK \l "_Toc386779550" 1.2.2 Informative References PAGEREF _Toc386779550 \h 19
HYPERLINK \l "_Toc386779551" 1.3 Overview PAGEREF _Toc386779551 \h 19
HYPERLINK \l "_Toc386779552" 1.4 Relationship to Other Protocols PAGEREF _Toc386779552 \h 20
HYPERLINK \l "_Toc386779553" 1.5 Prerequisites/Preconditions PAGEREF _Toc386779553 \h 21
HYPERLINK \l "_Toc386779554" 1.6 Applicability Statement PAGEREF _Toc386779554 \h 21
HYPERLINK \l "_Toc386779555" 1.7 Versioning and Capability Negotiation PAGEREF _Toc386779555 \h 21
HYPERLINK \l "_Toc386779556" 1.8 Vendor-Extensible Fields PAGEREF _Toc386779556 \h 21
HYPERLINK \l "_Toc386779557" 1.9 Standards Assignments PAGEREF _Toc386779557 \h 21
HYPERLINK \l "_Toc386779558" 2 Messages PAGEREF _Toc386779558 \h 22
HYPERLINK \l "_Toc386779559" 2.1 Transport PAGEREF _Toc386779559 \h 22
HYPERLINK \l "_Toc386779560" 2.2 Common Message Syntax PAGEREF _Toc386779560 \h 22
HYPERLINK \l "_Toc386779561" 2.2.1 Namespaces PAGEREF _Toc386779561 \h 22
HYPERLINK \l "_Toc386779562" 2.2.2 Messages PAGEREF _Toc386779562 \h 22
HYPERLINK \l "_Toc386779563" 2.2.3 Elements PAGEREF _Toc386779563 \h 22
HYPERLINK \l "_Toc386779564" 2.2.3.1 ActiveDirectoryObject PAGEREF _Toc386779564 \h 23
HYPERLINK \l "_Toc386779565" 2.2.3.2 ActiveDirectoryPrincipal PAGEREF _Toc386779565 \h 23
HYPERLINK \l "_Toc386779566" 2.2.3.3 ActiveDirectoryGroup PAGEREF _Toc386779566 \h 23
HYPERLINK \l "_Toc386779567" 2.2.3.4 CustomActionFault PAGEREF _Toc386779567 \h 23
HYPERLINK \l "_Toc386779568" 2.2.3.5 Server PAGEREF _Toc386779568 \h 24
HYPERLINK \l "_Toc386779569" 2.2.4 Complex Types PAGEREF _Toc386779569 \h 24
HYPERLINK \l "_Toc386779570" 2.2.4.1 ActiveDirectoryObject PAGEREF _Toc386779570 \h 25
HYPERLINK \l "_Toc386779571" 2.2.4.1.1 ActiveDirectoryObject/DistinguishedName PAGEREF _Toc386779571 \h 25
HYPERLINK \l "_Toc386779572" 2.2.4.1.2 ActiveDirectoryObject/Name PAGEREF _Toc386779572 \h 25
HYPERLINK \l "_Toc386779573" 2.2.4.1.3 ActiveDirectoryObject/ObjectClass PAGEREF _Toc386779573 \h 25
HYPERLINK \l "_Toc386779574" 2.2.4.1.4 ActiveDirectoryObject/ObjectGuid PAGEREF _Toc386779574 \h 26
HYPERLINK \l "_Toc386779575" 2.2.4.1.5 ActiveDirectoryObject/ObjectTypes PAGEREF _Toc386779575 \h 26
HYPERLINK \l "_Toc386779576" 2.2.4.1.6 ActiveDirectoryObject/ReferenceServer PAGEREF _Toc386779576 \h 26
HYPERLINK \l "_Toc386779577" 2.2.4.2 ActiveDirectoryPrincipal PAGEREF _Toc386779577 \h 26
HYPERLINK \l "_Toc386779578" 2.2.4.2.1 ActiveDirectoryPrincipal/SamAccountName PAGEREF _Toc386779578 \h 26
HYPERLINK \l "_Toc386779579" 2.2.4.2.2 ActiveDirectoryPrincipal/SID PAGEREF _Toc386779579 \h 27
HYPERLINK \l "_Toc386779580" 2.2.4.3 ActiveDirectoryGroup PAGEREF _Toc386779580 \h 27
HYPERLINK \l "_Toc386779581" 2.2.4.3.1 ActiveDirectoryGroup/GroupScope PAGEREF _Toc386779581 \h 27
HYPERLINK \l "_Toc386779582" 2.2.4.3.2 ActiveDirectoryGroup/GroupType PAGEREF _Toc386779582 \h 27
HYPERLINK \l "_Toc386779583" 2.2.4.4 ArrayOfActiveDirectoryGroup PAGEREF _Toc386779583 \h 27
HYPERLINK \l "_Toc386779584" 2.2.4.5 ArgumentErrorDetailCA PAGEREF _Toc386779584 \h 28
HYPERLINK \l "_Toc386779585" 2.2.4.5.1 ArgumentErrorDetailCA/Message PAGEREF _Toc386779585 \h 28
HYPERLINK \l "_Toc386779586" 2.2.4.5.2 ArgumentErrorDetailCA/ParameterName PAGEREF _Toc386779586 \h 28
HYPERLINK \l "_Toc386779587" 2.2.4.5.3 ArgumentErrorDetailCA/ShortMessage PAGEREF _Toc386779587 \h 28
HYPERLINK \l "_Toc386779588" 2.2.4.6 CustomActionFault PAGEREF _Toc386779588 \h 28
HYPERLINK \l "_Toc386779589" 2.2.4.6.1 CustomActionFault/ArgumentError PAGEREF _Toc386779589 \h 29
HYPERLINK \l "_Toc386779590" 2.2.4.6.2 CustomActionFault/DirectoryError PAGEREF _Toc386779590 \h 29
HYPERLINK \l "_Toc386779591" 2.2.4.6.3 CustomActionFault/Error PAGEREF _Toc386779591 \h 29
HYPERLINK \l "_Toc386779592" 2.2.4.6.4 CustomActionFault/ShortError PAGEREF _Toc386779592 \h 29
HYPERLINK \l "_Toc386779593" 2.2.4.7 DirectoryErrorDetailCA PAGEREF _Toc386779593 \h 30
HYPERLINK \l "_Toc386779594" 2.2.4.7.1 DirectoryErrorDetailCA/ErrorCode PAGEREF _Toc386779594 \h 30
HYPERLINK \l "_Toc386779595" 2.2.4.7.2 DirectoryErrorDetailCA/ExtendedErrorMessage PAGEREF _Toc386779595 \h 30
HYPERLINK \l "_Toc386779596" 2.2.4.7.3 DirectoryErrorDetailCA/MatchedDN PAGEREF _Toc386779596 \h 30
HYPERLINK \l "_Toc386779597" 2.2.4.7.4 DirectoryErrorDetailCA/Message PAGEREF _Toc386779597 \h 31
HYPERLINK \l "_Toc386779598" 2.2.4.7.5 DirectoryErrorDetailCA/Referral PAGEREF _Toc386779598 \h 31
HYPERLINK \l "_Toc386779599" 2.2.4.7.6 DirectoryErrorDetailCA/ShortMessage PAGEREF _Toc386779599 \h 31
HYPERLINK \l "_Toc386779600" 2.2.4.7.7 DirectoryErrorDetailCA/Win32ErrorCode PAGEREF _Toc386779600 \h 31
HYPERLINK \l "_Toc386779601" 2.2.4.8 sera:ArrayOfString PAGEREF _Toc386779601 \h 31
HYPERLINK \l "_Toc386779602" 2.2.5 Simple Types PAGEREF _Toc386779602 \h 32
HYPERLINK \l "_Toc386779603" 2.2.5.1 ActiveDirectoryGroupScope PAGEREF _Toc386779603 \h 32
HYPERLINK \l "_Toc386779604" 2.2.5.2 ActiveDirectoryGroupType PAGEREF _Toc386779604 \h 32
HYPERLINK \l "_Toc386779605" 2.2.5.3 ActiveDirectoryOperationMasterRole PAGEREF _Toc386779605 \h 33
HYPERLINK \l "_Toc386779606" 2.2.5.4 ser:duration PAGEREF _Toc386779606 \h 33
HYPERLINK \l "_Toc386779607" 2.2.5.5 ser:guid PAGEREF _Toc386779607 \h 33
HYPERLINK \l "_Toc386779608" 2.2.6 Attributes PAGEREF _Toc386779608 \h 34
HYPERLINK \l "_Toc386779609" 2.2.7 Groups PAGEREF _Toc386779609 \h 34
HYPERLINK \l "_Toc386779610" 2.2.8 Attribute Groups PAGEREF _Toc386779610 \h 34
HYPERLINK \l "_Toc386779611" 2.3 Directory Service Schema Elements PAGEREF _Toc386779611 \h 34
HYPERLINK \l "_Toc386779612" 3 Protocol Details PAGEREF _Toc386779612 \h 37
HYPERLINK \l "_Toc386779613" 3.1 Common Server Processing and Notational Conventions PAGEREF _Toc386779613 \h 37
HYPERLINK \l "_Toc386779614" 3.1.1 Abstract Data Model PAGEREF _Toc386779614 \h 37
HYPERLINK \l "_Toc386779615" 3.1.1.1 Attribute List PAGEREF _Toc386779615 \h 38
HYPERLINK \l "_Toc386779616" 3.1.1.2 Object Class List PAGEREF _Toc386779616 \h 40
HYPERLINK \l "_Toc386779617" 3.1.1.3 Read and Write Operations PAGEREF _Toc386779617 \h 40
HYPERLINK \l "_Toc386779618" 3.1.1.3.1 Read Operations PAGEREF _Toc386779618 \h 40
HYPERLINK \l "_Toc386779619" 3.1.1.3.2 Write Operations PAGEREF _Toc386779619 \h 41
HYPERLINK \l "_Toc386779620" 3.1.2 Timers PAGEREF _Toc386779620 \h 41
HYPERLINK \l "_Toc386779621" 3.1.3 Initialization PAGEREF _Toc386779621 \h 41
HYPERLINK \l "_Toc386779622" 3.1.4 Message Processing Events and Sequencing Rules PAGEREF _Toc386779622 \h 41
HYPERLINK \l "_Toc386779623" 3.1.4.1 Header Processing Rules PAGEREF _Toc386779623 \h 41
HYPERLINK \l "_Toc386779624" 3.1.4.2 Common Response Elements Processing Rules PAGEREF _Toc386779624 \h 42
HYPERLINK \l "_Toc386779625" 3.1.4.2.1 ActiveDirectoryGroup PAGEREF _Toc386779625 \h 42
HYPERLINK \l "_Toc386779626" 3.1.4.2.2 ActiveDirectoryObject PAGEREF _Toc386779626 \h 42
HYPERLINK \l "_Toc386779627" 3.1.4.2.3 ActiveDirectoryPrincipal PAGEREF _Toc386779627 \h 44
HYPERLINK \l "_Toc386779628" 3.1.4.3 Security Context of Operations PAGEREF _Toc386779628 \h 44
HYPERLINK \l "_Toc386779629" 3.1.5 Timer Events PAGEREF _Toc386779629 \h 45
HYPERLINK \l "_Toc386779630" 3.1.6 Other Local Events PAGEREF _Toc386779630 \h 45
HYPERLINK \l "_Toc386779631" 3.2 Port Types PAGEREF _Toc386779631 \h 45
HYPERLINK \l "_Toc386779632" 3.3 AccountManagement Server Details PAGEREF _Toc386779632 \h 45
HYPERLINK \l "_Toc386779633" 3.3.1 Abstract Data Model PAGEREF _Toc386779633 \h 46
HYPERLINK \l "_Toc386779634" 3.3.2 Timers PAGEREF _Toc386779634 \h 46
HYPERLINK \l "_Toc386779635" 3.3.3 Initialization PAGEREF _Toc386779635 \h 46
HYPERLINK \l "_Toc386779636" 3.3.4 Message Processing Events and Sequencing Rules PAGEREF _Toc386779636 \h 46
HYPERLINK \l "_Toc386779637" 3.3.4.1 ChangePassword PAGEREF _Toc386779637 \h 46
HYPERLINK \l "_Toc386779638" 3.3.4.1.1 Messages PAGEREF _Toc386779638 \h 47
HYPERLINK \l "_Toc386779639" 3.3.4.1.1.1 AccountManagement_ChangePassword_ChangePasswordFault_FaultMessage PAGEREF _Toc386779639 \h 47
HYPERLINK \l "_Toc386779640" 3.3.4.1.1.2 ChangePasswordRequest PAGEREF _Toc386779640 \h 48
HYPERLINK \l "_Toc386779641" 3.3.4.1.1.3 ChangePasswordResponse PAGEREF _Toc386779641 \h 48
HYPERLINK \l "_Toc386779642" 3.3.4.1.2 Elements PAGEREF _Toc386779642 \h 48
HYPERLINK \l "_Toc386779643" 3.3.4.1.2.1 ChangePasswordFault PAGEREF _Toc386779643 \h 48
HYPERLINK \l "_Toc386779644" 3.3.4.1.2.2 ChangePasswordRequest PAGEREF _Toc386779644 \h 49
HYPERLINK \l "_Toc386779645" 3.3.4.1.2.3 ChangePasswordRequest/AccountDN PAGEREF _Toc386779645 \h 49
HYPERLINK \l "_Toc386779646" 3.3.4.1.2.4 ChangePasswordRequest/NewPassword PAGEREF _Toc386779646 \h 49
HYPERLINK \l "_Toc386779647" 3.3.4.1.2.5 ChangePasswordRequest/OldPassword PAGEREF _Toc386779647 \h 49
HYPERLINK \l "_Toc386779648" 3.3.4.1.2.6 ChangePasswordRequest/PartitionDN PAGEREF _Toc386779648 \h 49
HYPERLINK \l "_Toc386779649" 3.3.4.1.2.7 ChangePasswordResponse PAGEREF _Toc386779649 \h 50
HYPERLINK \l "_Toc386779650" 3.3.4.1.3 Complex Types PAGEREF _Toc386779650 \h 50
HYPERLINK \l "_Toc386779651" 3.3.4.1.3.1 ChangePasswordFault PAGEREF _Toc386779651 \h 50
HYPERLINK \l "_Toc386779652" 3.3.4.1.4 Simple Types PAGEREF _Toc386779652 \h 50
HYPERLINK \l "_Toc386779653" 3.3.4.1.5 Attributes PAGEREF _Toc386779653 \h 50
HYPERLINK \l "_Toc386779654" 3.3.4.1.6 Groups PAGEREF _Toc386779654 \h 50
HYPERLINK \l "_Toc386779655" 3.3.4.1.7 Attribute Groups PAGEREF _Toc386779655 \h 50
HYPERLINK \l "_Toc386779656" 3.3.4.1.8 ChangePassword SOAP Faults PAGEREF _Toc386779656 \h 51
HYPERLINK \l "_Toc386779657" 3.3.4.1.8.1 Bad Parameter Error PAGEREF _Toc386779657 \h 52
HYPERLINK \l "_Toc386779658" 3.3.4.1.8.2 Bad Principal Error PAGEREF _Toc386779658 \h 52
HYPERLINK \l "_Toc386779659" 3.3.4.1.8.3 Bad Principal AD LDS Error PAGEREF _Toc386779659 \h 53
HYPERLINK \l "_Toc386779660" 3.3.4.1.8.4 Bad Password Error PAGEREF _Toc386779660 \h 54
HYPERLINK \l "_Toc386779661" 3.3.4.1.8.5 Bad Naming Context Error PAGEREF _Toc386779661 \h 55
HYPERLINK \l "_Toc386779662" 3.3.4.1.8.6 Directory Error PAGEREF _Toc386779662 \h 55
HYPERLINK \l "_Toc386779663" 3.3.4.1.8.7 Authorization Error PAGEREF _Toc386779663 \h 56
HYPERLINK \l "_Toc386779664" 3.3.4.1.8.8 Authentication Error PAGEREF _Toc386779664 \h 57
HYPERLINK \l "_Toc386779665" 3.3.4.2 GetADGroupMember PAGEREF _Toc386779665 \h 57
HYPERLINK \l "_Toc386779666" 3.3.4.2.1 Messages PAGEREF _Toc386779666 \h 59
HYPERLINK \l "_Toc386779667" 3.3.4.2.1.1 AccountManagement_GetADGroupMember_GetADGroupMemberFault_FaultMessage PAGEREF _Toc386779667 \h 59
HYPERLINK \l "_Toc386779668" 3.3.4.2.1.2 GetADGroupMemberRequest PAGEREF _Toc386779668 \h 59
HYPERLINK \l "_Toc386779669" 3.3.4.2.1.3 GetADGroupMemberResponse PAGEREF _Toc386779669 \h 59
HYPERLINK \l "_Toc386779670" 3.3.4.2.2 Elements PAGEREF _Toc386779670 \h 60
HYPERLINK \l "_Toc386779671" 3.3.4.2.2.1 GetADGroupMemberFault PAGEREF _Toc386779671 \h 60
HYPERLINK \l "_Toc386779672" 3.3.4.2.2.2 GetADGroupMemberRequest PAGEREF _Toc386779672 \h 60
HYPERLINK \l "_Toc386779673" 3.3.4.2.2.3 GetADGroupMemberRequest/GroupDN PAGEREF _Toc386779673 \h 60
HYPERLINK \l "_Toc386779674" 3.3.4.2.2.4 GetADGroupMemberRequest/PartitionDN PAGEREF _Toc386779674 \h 61
HYPERLINK \l "_Toc386779675" 3.3.4.2.2.5 GetADGroupMemberRequest/Recursive PAGEREF _Toc386779675 \h 61
HYPERLINK \l "_Toc386779676" 3.3.4.2.2.6 GetADGroupMemberResponse PAGEREF _Toc386779676 \h 61
HYPERLINK \l "_Toc386779677" 3.3.4.2.2.7 GetADGroupMemberResponse/Members PAGEREF _Toc386779677 \h 61
HYPERLINK \l "_Toc386779678" 3.3.4.2.3 Complex Types PAGEREF _Toc386779678 \h 62
HYPERLINK \l "_Toc386779679" 3.3.4.2.3.1 ArrayOfActiveDirectoryPrincipal PAGEREF _Toc386779679 \h 62
HYPERLINK \l "_Toc386779680" 3.3.4.2.3.2 GetADGroupMemberFault PAGEREF _Toc386779680 \h 62
HYPERLINK \l "_Toc386779681" 3.3.4.2.4 Simple Types PAGEREF _Toc386779681 \h 62
HYPERLINK \l "_Toc386779682" 3.3.4.2.5 Attributes PAGEREF _Toc386779682 \h 62
HYPERLINK \l "_Toc386779683" 3.3.4.2.6 Groups PAGEREF _Toc386779683 \h 63
HYPERLINK \l "_Toc386779684" 3.3.4.2.7 Attribute Groups PAGEREF _Toc386779684 \h 63
HYPERLINK \l "_Toc386779685" 3.3.4.2.8 GetADGroupMember SOAP Faults PAGEREF _Toc386779685 \h 63
HYPERLINK \l "_Toc386779686" 3.3.4.2.8.1 Bad Parameter Error PAGEREF _Toc386779686 \h 64
HYPERLINK \l "_Toc386779687" 3.3.4.2.8.2 Bad Principal Error PAGEREF _Toc386779687 \h 64
HYPERLINK \l "_Toc386779688" 3.3.4.2.8.3 Multiple Matching Principals Error PAGEREF _Toc386779688 \h 65
HYPERLINK \l "_Toc386779689" 3.3.4.2.8.4 Bad Naming Context Error PAGEREF _Toc386779689 \h 65
HYPERLINK \l "_Toc386779690" 3.3.4.2.8.5 Directory Error PAGEREF _Toc386779690 \h 66
HYPERLINK \l "_Toc386779691" 3.3.4.2.8.6 Authentication Error PAGEREF _Toc386779691 \h 67
HYPERLINK \l "_Toc386779692" 3.3.4.2.8.7 Remote Authentication Error PAGEREF _Toc386779692 \h 68
HYPERLINK \l "_Toc386779693" 3.3.4.3 GetADPrincipalAuthorizationGroup PAGEREF _Toc386779693 \h 68
HYPERLINK \l "_Toc386779694" 3.3.4.3.1 Messages PAGEREF _Toc386779694 \h 69
HYPERLINK \l "_Toc386779695" 3.3.4.3.1.1 AccountManagement_GetADPrincipalAuthorizationGroup_GetADPrincipalAuthorizationGroupFault_FaultMessage PAGEREF _Toc386779695 \h 70
HYPERLINK \l "_Toc386779696" 3.3.4.3.1.2 GetADPrincipalAuthorizationGroupRequest PAGEREF _Toc386779696 \h 70
HYPERLINK \l "_Toc386779697" 3.3.4.3.1.3 GetADPrincipalAuthorizationGroupResponse PAGEREF _Toc386779697 \h 70
HYPERLINK \l "_Toc386779698" 3.3.4.3.2 Elements PAGEREF _Toc386779698 \h 71
HYPERLINK \l "_Toc386779699" 3.3.4.3.2.1 GetADPrincipalAuthorizationGroupFault PAGEREF _Toc386779699 \h 71
HYPERLINK \l "_Toc386779700" 3.3.4.3.2.2 GetADPrincipalAuthorizationGroupRequest PAGEREF _Toc386779700 \h 71
HYPERLINK \l "_Toc386779701" 3.3.4.3.2.3 GetADPrincipalAuthorizationGroupRequest/PartitionDN PAGEREF _Toc386779701 \h 71
HYPERLINK \l "_Toc386779702" 3.3.4.3.2.4 GetADPrincipalAuthorizationGroupRequest/PrincipalDN PAGEREF _Toc386779702 \h 72
HYPERLINK \l "_Toc386779703" 3.3.4.3.2.5 GetADPrincipalAuthorizationGroupResponse PAGEREF _Toc386779703 \h 72
HYPERLINK \l "_Toc386779704" 3.3.4.3.2.6 GetADPrincipalAuthorizationGroupResponse/MemberOf PAGEREF _Toc386779704 \h 72
HYPERLINK \l "_Toc386779705" 3.3.4.3.3 Complex Types PAGEREF _Toc386779705 \h 73
HYPERLINK \l "_Toc386779706" 3.3.4.3.3.1 GetADPrincipalAuthorizationGroupFault PAGEREF _Toc386779706 \h 73
HYPERLINK \l "_Toc386779707" 3.3.4.3.4 Simple Types PAGEREF _Toc386779707 \h 73
HYPERLINK \l "_Toc386779708" 3.3.4.3.5 Attributes PAGEREF _Toc386779708 \h 73
HYPERLINK \l "_Toc386779709" 3.3.4.3.6 Groups PAGEREF _Toc386779709 \h 73
HYPERLINK \l "_Toc386779710" 3.3.4.3.7 Attribute Groups PAGEREF _Toc386779710 \h 73
HYPERLINK \l "_Toc386779711" 3.3.4.3.8 GetADPrincipalAuthorizationGroup SOAP Faults PAGEREF _Toc386779711 \h 73
HYPERLINK \l "_Toc386779712" 3.3.4.3.8.1 Bad Parameter Error PAGEREF _Toc386779712 \h 74
HYPERLINK \l "_Toc386779713" 3.3.4.3.8.2 Bad Principal Error PAGEREF _Toc386779713 \h 75
HYPERLINK \l "_Toc386779714" 3.3.4.3.8.3 Multiple Matching Principals Error PAGEREF _Toc386779714 \h 76
HYPERLINK \l "_Toc386779715" 3.3.4.3.8.4 Bad Naming Context Error PAGEREF _Toc386779715 \h 76
HYPERLINK \l "_Toc386779716" 3.3.4.3.8.5 Directory Error PAGEREF _Toc386779716 \h 77
HYPERLINK \l "_Toc386779717" 3.3.4.3.8.6 Authentication Error PAGEREF _Toc386779717 \h 78
HYPERLINK \l "_Toc386779718" 3.3.4.3.8.7 Remote Authentication Error PAGEREF _Toc386779718 \h 78
HYPERLINK \l "_Toc386779719" 3.3.4.4 GetADPrincipalGroupMembership PAGEREF _Toc386779719 \h 79
HYPERLINK \l "_Toc386779720" 3.3.4.4.1 Messages PAGEREF _Toc386779720 \h 81
HYPERLINK \l "_Toc386779721" 3.3.4.4.1.1 AccountManagement_GetADPrincipalGroupMembership_GetADPrincipalGroupMembershipFault_FaultMessage PAGEREF _Toc386779721 \h 82
HYPERLINK \l "_Toc386779722" 3.3.4.4.1.2 GetADPrincipalGroupMembershipRequest PAGEREF _Toc386779722 \h 82
HYPERLINK \l "_Toc386779723" 3.3.4.4.1.3 GetADPrincipalGroupMembershipResponse PAGEREF _Toc386779723 \h 82
HYPERLINK \l "_Toc386779724" 3.3.4.4.2 Elements PAGEREF _Toc386779724 \h 83
HYPERLINK \l "_Toc386779725" 3.3.4.4.2.1 GetADPrincipalGroupMembershipFault PAGEREF _Toc386779725 \h 83
HYPERLINK \l "_Toc386779726" 3.3.4.4.2.2 GetADPrincipalGroupMembershipRequest PAGEREF _Toc386779726 \h 83
HYPERLINK \l "_Toc386779727" 3.3.4.4.2.3 GetADPrincipalGroupMembershipRequest/PartitionDN PAGEREF _Toc386779727 \h 83
HYPERLINK \l "_Toc386779728" 3.3.4.4.2.4 GetADPrincipalGroupMembershipRequest/PrincipalDN PAGEREF _Toc386779728 \h 84
HYPERLINK \l "_Toc386779729" 3.3.4.4.2.5 GetADPrincipalGroupMembershipRequest/ResourceContextPartition PAGEREF _Toc386779729 \h 84
HYPERLINK \l "_Toc386779730" 3.3.4.4.2.6 GetADPrincipalGroupMembershipRequest/ResourceContextServer PAGEREF _Toc386779730 \h 84
HYPERLINK \l "_Toc386779731" 3.3.4.4.2.7 GetADPrincipalGroupMembershipResponse PAGEREF _Toc386779731 \h 84
HYPERLINK \l "_Toc386779732" 3.3.4.4.2.8 GetADPrincipalGroupMembershipResponse/MemberOf PAGEREF _Toc386779732 \h 85
HYPERLINK \l "_Toc386779733" 3.3.4.4.3 Complex Types PAGEREF _Toc386779733 \h 85
HYPERLINK \l "_Toc386779734" 3.3.4.4.3.1 GetADPrincipalGroupMembershipFault PAGEREF _Toc386779734 \h 85
HYPERLINK \l "_Toc386779735" 3.3.4.4.4 Simple Types PAGEREF _Toc386779735 \h 85
HYPERLINK \l "_Toc386779736" 3.3.4.4.5 Attributes PAGEREF _Toc386779736 \h 85
HYPERLINK \l "_Toc386779737" 3.3.4.4.6 Groups PAGEREF _Toc386779737 \h 85
HYPERLINK \l "_Toc386779738" 3.3.4.4.7 Attribute Groups PAGEREF _Toc386779738 \h 85
HYPERLINK \l "_Toc386779739" 3.3.4.4.8 GetADPrincipalGroupMembership SOAP Faults PAGEREF _Toc386779739 \h 86
HYPERLINK \l "_Toc386779740" 3.3.4.4.8.1 Bad Parameter Error PAGEREF _Toc386779740 \h 87
HYPERLINK \l "_Toc386779741" 3.3.4.4.8.2 Bad Principal Error PAGEREF _Toc386779741 \h 88
HYPERLINK \l "_Toc386779742" 3.3.4.4.8.3 Multiple Matching Principals Error PAGEREF _Toc386779742 \h 88
HYPERLINK \l "_Toc386779743" 3.3.4.4.8.4 Bad Naming Context Error PAGEREF _Toc386779743 \h 89
HYPERLINK \l "_Toc386779744" 3.3.4.4.8.5 ObjectGuid Error PAGEREF _Toc386779744 \h 89
HYPERLINK \l "_Toc386779745" 3.3.4.4.8.6 Directory Error PAGEREF _Toc386779745 \h 90
HYPERLINK \l "_Toc386779746" 3.3.4.4.8.7 Authentication Error PAGEREF _Toc386779746 \h 91
HYPERLINK \l "_Toc386779747" 3.3.4.4.8.8 Remote Authentication Error PAGEREF _Toc386779747 \h 92
HYPERLINK \l "_Toc386779748" 3.3.4.4.8.9 Resource Context Server Format Error PAGEREF _Toc386779748 \h 92
HYPERLINK \l "_Toc386779749" 3.3.4.5 SetPassword PAGEREF _Toc386779749 \h 93
HYPERLINK \l "_Toc386779750" 3.3.4.5.1 Messages PAGEREF _Toc386779750 \h 94
HYPERLINK \l "_Toc386779751" 3.3.4.5.1.1 AccountManagement_SetPassword_SetPasswordFault_FaultMessage PAGEREF _Toc386779751 \h 94
HYPERLINK \l "_Toc386779752" 3.3.4.5.1.2 SetPasswordRequest PAGEREF _Toc386779752 \h 94
HYPERLINK \l "_Toc386779753" 3.3.4.5.1.3 SetPasswordResponse PAGEREF _Toc386779753 \h 95
HYPERLINK \l "_Toc386779754" 3.3.4.5.2 Elements PAGEREF _Toc386779754 \h 95
HYPERLINK \l "_Toc386779755" 3.3.4.5.2.1 SetPasswordFault PAGEREF _Toc386779755 \h 95
HYPERLINK \l "_Toc386779756" 3.3.4.5.2.2 SetPasswordRequest PAGEREF _Toc386779756 \h 95
HYPERLINK \l "_Toc386779757" 3.3.4.5.2.3 SetPasswordRequest/AccountDN PAGEREF _Toc386779757 \h 96
HYPERLINK \l "_Toc386779758" 3.3.4.5.2.4 SetPasswordRequest/NewPassword PAGEREF _Toc386779758 \h 96
HYPERLINK \l "_Toc386779759" 3.3.4.5.2.5 SetPasswordRequest/PartitionDN PAGEREF _Toc386779759 \h 96
HYPERLINK \l "_Toc386779760" 3.3.4.5.2.6 SetPasswordResponse PAGEREF _Toc386779760 \h 96
HYPERLINK \l "_Toc386779761" 3.3.4.5.3 Complex Types PAGEREF _Toc386779761 \h 96
HYPERLINK \l "_Toc386779762" 3.3.4.5.3.1 SetPasswordFault PAGEREF _Toc386779762 \h 97
HYPERLINK \l "_Toc386779763" 3.3.4.5.4 Simple Types PAGEREF _Toc386779763 \h 97
HYPERLINK \l "_Toc386779764" 3.3.4.5.5 Attributes PAGEREF _Toc386779764 \h 97
HYPERLINK \l "_Toc386779765" 3.3.4.5.6 Groups PAGEREF _Toc386779765 \h 97
HYPERLINK \l "_Toc386779766" 3.3.4.5.7 Attribute Groups PAGEREF _Toc386779766 \h 97
HYPERLINK \l "_Toc386779767" 3.3.4.5.8 SetPassword SOAP Faults PAGEREF _Toc386779767 \h 97
HYPERLINK \l "_Toc386779768" 3.3.4.5.8.1 Bad Parameter Error PAGEREF _Toc386779768 \h 98
HYPERLINK \l "_Toc386779769" 3.3.4.5.8.2 Bad Principal Error PAGEREF _Toc386779769 \h 99
HYPERLINK \l "_Toc386779770" 3.3.4.5.8.3 Bad Principal AD LDS Error PAGEREF _Toc386779770 \h 100
HYPERLINK \l "_Toc386779771" 3.3.4.5.8.4 Bad Password Error PAGEREF _Toc386779771 \h 100
HYPERLINK \l "_Toc386779772" 3.3.4.5.8.5 Bad Naming Context Error PAGEREF _Toc386779772 \h 102
HYPERLINK \l "_Toc386779773" 3.3.4.5.8.6 Directory Error PAGEREF _Toc386779773 \h 102
HYPERLINK \l "_Toc386779774" 3.3.4.5.8.7 Authorization Error PAGEREF _Toc386779774 \h 103
HYPERLINK \l "_Toc386779775" 3.3.4.5.8.8 Authentication Error PAGEREF _Toc386779775 \h 104
HYPERLINK \l "_Toc386779776" 3.3.4.6 TranslateName PAGEREF _Toc386779776 \h 104
HYPERLINK \l "_Toc386779777" 3.3.4.6.1 Messages PAGEREF _Toc386779777 \h 105
HYPERLINK \l "_Toc386779778" 3.3.4.6.1.1 AccountManagement_TranslateName_TranslateNameFault_FaultMessage PAGEREF _Toc386779778 \h 106
HYPERLINK \l "_Toc386779779" 3.3.4.6.1.2 TranslateNameRequest PAGEREF _Toc386779779 \h 106
HYPERLINK \l "_Toc386779780" 3.3.4.6.1.3 TranslateNameResponse PAGEREF _Toc386779780 \h 106
HYPERLINK \l "_Toc386779781" 3.3.4.6.2 Elements PAGEREF _Toc386779781 \h 106
HYPERLINK \l "_Toc386779782" 3.3.4.6.2.1 TranslateNameFault PAGEREF _Toc386779782 \h 107
HYPERLINK \l "_Toc386779783" 3.3.4.6.2.2 TranslateNameRequest PAGEREF _Toc386779783 \h 107
HYPERLINK \l "_Toc386779784" 3.3.4.6.2.3 TranslateNameRequest/FormatDesired PAGEREF _Toc386779784 \h 107
HYPERLINK \l "_Toc386779785" 3.3.4.6.2.4 TranslateNameRequest/FormatOffered PAGEREF _Toc386779785 \h 108
HYPERLINK \l "_Toc386779786" 3.3.4.6.2.5 TranslateNameRequest/Names PAGEREF _Toc386779786 \h 108
HYPERLINK \l "_Toc386779787" 3.3.4.6.2.6 TranslateNameResponse PAGEREF _Toc386779787 \h 108
HYPERLINK \l "_Toc386779788" 3.3.4.6.2.7 TranslateNameResponse/NameTranslateResult PAGEREF _Toc386779788 \h 108
HYPERLINK \l "_Toc386779789" 3.3.4.6.3 Complex Types PAGEREF _Toc386779789 \h 109
HYPERLINK \l "_Toc386779790" 3.3.4.6.3.1 ActiveDirectoryNameTranslateResult PAGEREF _Toc386779790 \h 109
HYPERLINK \l "_Toc386779791" 3.3.4.6.3.1.1 ActiveDirectoryNameTranslateResult/Result PAGEREF _Toc386779791 \h 109
HYPERLINK \l "_Toc386779792" 3.3.4.6.3.1.2 ActiveDirectoryNameTranslateResult/Name PAGEREF _Toc386779792 \h 110
HYPERLINK \l "_Toc386779793" 3.3.4.6.3.2 ArrayOfActiveDirectoryNameTranslateResult PAGEREF _Toc386779793 \h 110
HYPERLINK \l "_Toc386779794" 3.3.4.6.3.2.1 ArrayOfActiveDirectoryNameTranslateResult/ActiveDirectoryNameTranslateResult PAGEREF _Toc386779794 \h 110
HYPERLINK \l "_Toc386779795" 3.3.4.6.3.3 TranslateNameFault PAGEREF _Toc386779795 \h 111
HYPERLINK \l "_Toc386779796" 3.3.4.6.4 Simple Types PAGEREF _Toc386779796 \h 111
HYPERLINK \l "_Toc386779797" 3.3.4.6.4.1 ActiveDirectoryNameFormat PAGEREF _Toc386779797 \h 111
HYPERLINK \l "_Toc386779798" 3.3.4.6.5 Attributes PAGEREF _Toc386779798 \h 112
HYPERLINK \l "_Toc386779799" 3.3.4.6.6 Groups PAGEREF _Toc386779799 \h 112
HYPERLINK \l "_Toc386779800" 3.3.4.6.7 Attribute Groups PAGEREF _Toc386779800 \h 112
HYPERLINK \l "_Toc386779801" 3.3.4.6.8 TranslateName SOAP Faults PAGEREF _Toc386779801 \h 112
HYPERLINK \l "_Toc386779802" 3.3.4.6.8.1 Bad Parameter Error PAGEREF _Toc386779802 \h 113
HYPERLINK \l "_Toc386779803" 3.3.4.6.8.2 Directory Error PAGEREF _Toc386779803 \h 114
HYPERLINK \l "_Toc386779804" 3.3.4.6.8.3 Authentication Error PAGEREF _Toc386779804 \h 114
HYPERLINK \l "_Toc386779805" 3.3.5 Timer Events PAGEREF _Toc386779805 \h 115
HYPERLINK \l "_Toc386779806" 3.3.6 Other Local Events PAGEREF _Toc386779806 \h 115
HYPERLINK \l "_Toc386779807" 3.4 TopologyManagement Server Details PAGEREF _Toc386779807 \h 115
HYPERLINK \l "_Toc386779808" 3.4.1 Abstract Data Model PAGEREF _Toc386779808 \h 115
HYPERLINK \l "_Toc386779809" 3.4.2 Timers PAGEREF _Toc386779809 \h 115
HYPERLINK \l "_Toc386779810" 3.4.3 Initialization PAGEREF _Toc386779810 \h 116
HYPERLINK \l "_Toc386779811" 3.4.4 Message Processing Events and Sequencing Rules PAGEREF _Toc386779811 \h 116
HYPERLINK \l "_Toc386779812" 3.4.4.1 ChangeOptionalFeature PAGEREF _Toc386779812 \h 116
HYPERLINK \l "_Toc386779813" 3.4.4.1.1 Messages PAGEREF _Toc386779813 \h 117
HYPERLINK \l "_Toc386779814" 3.4.4.1.1.1 ChangeOptionalFeatureRequest PAGEREF _Toc386779814 \h 117
HYPERLINK \l "_Toc386779815" 3.4.4.1.1.2 ChangeOptionalFeatureResponse PAGEREF _Toc386779815 \h 118
HYPERLINK \l "_Toc386779816" 3.4.4.1.1.3 TopologyManagement_ChangeOptionalFeature_ChangeOptionalFeatureFault_FaultMessage PAGEREF _Toc386779816 \h 118
HYPERLINK \l "_Toc386779817" 3.4.4.1.2 Elements PAGEREF _Toc386779817 \h 118
HYPERLINK \l "_Toc386779818" 3.4.4.1.2.1 ChangeOptionalFeatureFault PAGEREF _Toc386779818 \h 118
HYPERLINK \l "_Toc386779819" 3.4.4.1.2.2 ChangeOptionalFeatureRequest PAGEREF _Toc386779819 \h 118
HYPERLINK \l "_Toc386779820" 3.4.4.1.2.3 ChangeOptionalFeatureRequest/DistinguishedName PAGEREF _Toc386779820 \h 119
HYPERLINK \l "_Toc386779821" 3.4.4.1.2.4 ChangeOptionalFeatureRequest/Enable PAGEREF _Toc386779821 \h 119
HYPERLINK \l "_Toc386779822" 3.4.4.1.2.5 ChangeOptionalFeatureRequest/FeatureId PAGEREF _Toc386779822 \h 119
HYPERLINK \l "_Toc386779823" 3.4.4.1.2.6 ChangeOptionalFeatureResponse PAGEREF _Toc386779823 \h 120
HYPERLINK \l "_Toc386779824" 3.4.4.1.3 Complex Types PAGEREF _Toc386779824 \h 120
HYPERLINK \l "_Toc386779825" 3.4.4.1.3.1 ChangeOptionalFeatureFault PAGEREF _Toc386779825 \h 120
HYPERLINK \l "_Toc386779826" 3.4.4.1.4 Simple Types PAGEREF _Toc386779826 \h 120
HYPERLINK \l "_Toc386779827" 3.4.4.1.5 Attributes PAGEREF _Toc386779827 \h 120
HYPERLINK \l "_Toc386779828" 3.4.4.1.6 Groups PAGEREF _Toc386779828 \h 120
HYPERLINK \l "_Toc386779829" 3.4.4.1.7 Attribute Groups PAGEREF _Toc386779829 \h 120
HYPERLINK \l "_Toc386779830" 3.4.4.1.8 ChangeOptionalFeature SOAP Faults PAGEREF _Toc386779830 \h 121
HYPERLINK \l "_Toc386779831" 3.4.4.1.8.1 Bad Parameter Error PAGEREF _Toc386779831 \h 121
HYPERLINK \l "_Toc386779832" 3.4.4.1.8.2 Bad DistinguishedName Error PAGEREF _Toc386779832 \h 122
HYPERLINK \l "_Toc386779833" 3.4.4.1.8.3 Bad FeatureId Error PAGEREF _Toc386779833 \h 123
HYPERLINK \l "_Toc386779834" 3.4.4.1.8.4 Directory Error PAGEREF _Toc386779834 \h 124
HYPERLINK \l "_Toc386779835" 3.4.4.1.8.5 Authorization Error PAGEREF _Toc386779835 \h 124
HYPERLINK \l "_Toc386779836" 3.4.4.1.8.6 Authentication Error PAGEREF _Toc386779836 \h 125
HYPERLINK \l "_Toc386779837" 3.4.4.2 GetADDomain PAGEREF _Toc386779837 \h 126
HYPERLINK \l "_Toc386779838" 3.4.4.2.1 Messages PAGEREF _Toc386779838 \h 126
HYPERLINK \l "_Toc386779839" 3.4.4.2.1.1 GetADDomainRequest PAGEREF _Toc386779839 \h 127
HYPERLINK \l "_Toc386779840" 3.4.4.2.1.2 GetADDomainResponse PAGEREF _Toc386779840 \h 127
HYPERLINK \l "_Toc386779841" 3.4.4.2.1.3 TopologyManagement_GetADDomain_GetADDomainFault_FaultMessage PAGEREF _Toc386779841 \h 127
HYPERLINK \l "_Toc386779842" 3.4.4.2.2 Elements PAGEREF _Toc386779842 \h 127
HYPERLINK \l "_Toc386779843" 3.4.4.2.2.1 GetADDomainFault PAGEREF _Toc386779843 \h 128
HYPERLINK \l "_Toc386779844" 3.4.4.2.2.2 GetADDomainRequest PAGEREF _Toc386779844 \h 128
HYPERLINK \l "_Toc386779845" 3.4.4.2.2.3 GetADDomainResponse PAGEREF _Toc386779845 \h 128
HYPERLINK \l "_Toc386779846" 3.4.4.2.2.4 GetADDomainResponse/Domain PAGEREF _Toc386779846 \h 128
HYPERLINK \l "_Toc386779847" 3.4.4.2.3 Complex Types PAGEREF _Toc386779847 \h 129
HYPERLINK \l "_Toc386779848" 3.4.4.2.3.1 ActiveDirectoryDomain PAGEREF _Toc386779848 \h 129
HYPERLINK \l "_Toc386779849" 3.4.4.2.3.1.1 ActiveDirectoryDomain/AllowedDNSSuffixes PAGEREF _Toc386779849 \h 130
HYPERLINK \l "_Toc386779850" 3.4.4.2.3.1.2 ActiveDirectoryDomain/AppliedGroupPolicies PAGEREF _Toc386779850 \h 130
HYPERLINK \l "_Toc386779851" 3.4.4.2.3.1.3 ActiveDirectoryDomain/ChildDomains PAGEREF _Toc386779851 \h 131
HYPERLINK \l "_Toc386779852" 3.4.4.2.3.1.4 ActiveDirectoryDomain/ComputersContainer PAGEREF _Toc386779852 \h 131
HYPERLINK \l "_Toc386779853" 3.4.4.2.3.1.5 ActiveDirectoryDomain/DomainControllersContainer PAGEREF _Toc386779853 \h 132
HYPERLINK \l "_Toc386779854" 3.4.4.2.3.1.6 ActiveDirectoryDomain/DomainMode PAGEREF _Toc386779854 \h 132
HYPERLINK \l "_Toc386779855" 3.4.4.2.3.1.7 ActiveDirectoryDomain/DomainSID PAGEREF _Toc386779855 \h 132
HYPERLINK \l "_Toc386779856" 3.4.4.2.3.1.8 ActiveDirectoryDomain/ForeignSecurityPrincipalsContainer PAGEREF _Toc386779856 \h 132
HYPERLINK \l "_Toc386779857" 3.4.4.2.3.1.9 ActiveDirectoryDomain/Forest PAGEREF _Toc386779857 \h 133
HYPERLINK \l "_Toc386779858" 3.4.4.2.3.1.10 ActiveDirectoryDomain/InfrastructureMaster PAGEREF _Toc386779858 \h 133
HYPERLINK \l "_Toc386779859" 3.4.4.2.3.1.11 ActiveDirectoryDomain/LastLogonReplicationInterval PAGEREF _Toc386779859 \h 134
HYPERLINK \l "_Toc386779860" 3.4.4.2.3.1.12 ActiveDirectoryDomain/ManagedBy PAGEREF _Toc386779860 \h 134
HYPERLINK \l "_Toc386779861" 3.4.4.2.3.1.13 ActiveDirectoryDomain/NetBIOSName PAGEREF _Toc386779861 \h 134
HYPERLINK \l "_Toc386779862" 3.4.4.2.3.1.14 ActiveDirectoryDomain/ParentDomain PAGEREF _Toc386779862 \h 135
HYPERLINK \l "_Toc386779863" 3.4.4.2.3.1.15 ActiveDirectoryDomain/PDCEmulator PAGEREF _Toc386779863 \h 135
HYPERLINK \l "_Toc386779864" 3.4.4.2.3.1.16 ActiveDirectoryDomain/RIDMaster PAGEREF _Toc386779864 \h 136
HYPERLINK \l "_Toc386779865" 3.4.4.2.3.1.17 ActiveDirectoryDomain/SystemsContainer PAGEREF _Toc386779865 \h 136
HYPERLINK \l "_Toc386779866" 3.4.4.2.3.1.18 ActiveDirectoryDomain/UsersContainer PAGEREF _Toc386779866 \h 136
HYPERLINK \l "_Toc386779867" 3.4.4.2.3.2 ActiveDirectoryPartition PAGEREF _Toc386779867 \h 137
HYPERLINK \l "_Toc386779868" 3.4.4.2.3.2.1 ActiveDirectoryPartition/DeletedObjectsContainer PAGEREF _Toc386779868 \h 137
HYPERLINK \l "_Toc386779869" 3.4.4.2.3.2.2 ActiveDirectoryPartition/DistinguishedName PAGEREF _Toc386779869 \h 138
HYPERLINK \l "_Toc386779870" 3.4.4.2.3.2.3 ActiveDirectoryPartition/DNSRoot PAGEREF _Toc386779870 \h 138
HYPERLINK \l "_Toc386779871" 3.4.4.2.3.2.4 ActiveDirectoryPartition/LostAndFoundContainer PAGEREF _Toc386779871 \h 139
HYPERLINK \l "_Toc386779872" 3.4.4.2.3.2.5 ActiveDirectoryPartition/Name PAGEREF _Toc386779872 \h 139
HYPERLINK \l "_Toc386779873" 3.4.4.2.3.2.6 ActiveDirectoryPartition/ObjectClass PAGEREF _Toc386779873 \h 139
HYPERLINK \l "_Toc386779874" 3.4.4.2.3.2.7 ActiveDirectoryPartition/ObjectGuid PAGEREF _Toc386779874 \h 140
HYPERLINK \l "_Toc386779875" 3.4.4.2.3.2.8 ActiveDirectoryPartition/ObjectTypes PAGEREF _Toc386779875 \h 140
HYPERLINK \l "_Toc386779876" 3.4.4.2.3.2.9 ActiveDirectoryPartition/SubordinateReferences PAGEREF _Toc386779876 \h 140
HYPERLINK \l "_Toc386779877" 3.4.4.2.3.2.10 ActiveDirectoryPartition/QuotasContainer PAGEREF _Toc386779877 \h 140
HYPERLINK \l "_Toc386779878" 3.4.4.2.3.2.11 ActiveDirectoryPartition/ReadOnlyReplicaDirectoryServer PAGEREF _Toc386779878 \h 141
HYPERLINK \l "_Toc386779879" 3.4.4.2.3.2.12 ActiveDirectoryPartition/ReferenceServer PAGEREF _Toc386779879 \h 141
HYPERLINK \l "_Toc386779880" 3.4.4.2.3.2.13 ActiveDirectoryPartition/ReplicaDirectoryServer PAGEREF _Toc386779880 \h 141
HYPERLINK \l "_Toc386779881" 3.4.4.2.3.3 GetADDomainFault PAGEREF _Toc386779881 \h 142
HYPERLINK \l "_Toc386779882" 3.4.4.2.4 Simple Types PAGEREF _Toc386779882 \h 142
HYPERLINK \l "_Toc386779883" 3.4.4.2.5 Attributes PAGEREF _Toc386779883 \h 142
HYPERLINK \l "_Toc386779884" 3.4.4.2.6 Groups PAGEREF _Toc386779884 \h 142
HYPERLINK \l "_Toc386779885" 3.4.4.2.7 Attribute Groups PAGEREF _Toc386779885 \h 142
HYPERLINK \l "_Toc386779886" 3.4.4.2.8 GetADDomain SOAP Faults PAGEREF _Toc386779886 \h 143
HYPERLINK \l "_Toc386779887" 3.4.4.2.8.1 Bad Parameter Error PAGEREF _Toc386779887 \h 143
HYPERLINK \l "_Toc386779888" 3.4.4.2.8.2 Directory Error PAGEREF _Toc386779888 \h 144
HYPERLINK \l "_Toc386779889" 3.4.4.2.8.3 Bad Principal Error PAGEREF _Toc386779889 \h 145
HYPERLINK \l "_Toc386779890" 3.4.4.2.8.4 Authentication Error PAGEREF _Toc386779890 \h 146
HYPERLINK \l "_Toc386779891" 3.4.4.3 GetADDomainController PAGEREF _Toc386779891 \h 146
HYPERLINK \l "_Toc386779892" 3.4.4.3.1 Messages PAGEREF _Toc386779892 \h 147
HYPERLINK \l "_Toc386779893" 3.4.4.3.1.1 GetADDomainControllerRequest PAGEREF _Toc386779893 \h 148
HYPERLINK \l "_Toc386779894" 3.4.4.3.1.2 GetADDomainControllerResponse PAGEREF _Toc386779894 \h 148
HYPERLINK \l "_Toc386779895" 3.4.4.3.1.3 TopologyManagement_GetADDomainController_GetADDomainControllerFault_FaultMessage PAGEREF _Toc386779895 \h 148
HYPERLINK \l "_Toc386779896" 3.4.4.3.2 Elements PAGEREF _Toc386779896 \h 148
HYPERLINK \l "_Toc386779897" 3.4.4.3.2.1 GetADDomainControllerFault PAGEREF _Toc386779897 \h 149
HYPERLINK \l "_Toc386779898" 3.4.4.3.2.2 GetADDomainControllerRequest PAGEREF _Toc386779898 \h 149
HYPERLINK \l "_Toc386779899" 3.4.4.3.2.3 GetADDomainControllerRequest/NtdsSettingsDN PAGEREF _Toc386779899 \h 149
HYPERLINK \l "_Toc386779900" 3.4.4.3.2.4 GetADDomainControllerResponse PAGEREF _Toc386779900 \h 149
HYPERLINK \l "_Toc386779901" 3.4.4.3.2.5 GetADDomainControllerResponse/DomainControllers PAGEREF _Toc386779901 \h 150
HYPERLINK \l "_Toc386779902" 3.4.4.3.3 Complex Types PAGEREF _Toc386779902 \h 150
HYPERLINK \l "_Toc386779903" 3.4.4.3.3.1 ActiveDirectoryDirectoryServer PAGEREF _Toc386779903 \h 150
HYPERLINK \l "_Toc386779904" 3.4.4.3.3.1.1 ActiveDirectoryDirectoryServer/DefaultPartition PAGEREF _Toc386779904 \h 151
HYPERLINK \l "_Toc386779905" 3.4.4.3.3.1.2 ActiveDirectoryDirectoryServer/HostName PAGEREF _Toc386779905 \h 151
HYPERLINK \l "_Toc386779906" 3.4.4.3.3.1.3 ActiveDirectoryDirectoryServer/InvocationId PAGEREF _Toc386779906 \h 151
HYPERLINK \l "_Toc386779907" 3.4.4.3.3.1.4 ActiveDirectoryDirectoryServer/LdapPort PAGEREF _Toc386779907 \h 152
HYPERLINK \l "_Toc386779908" 3.4.4.3.3.1.5 ActiveDirectoryDirectoryServer/Name PAGEREF _Toc386779908 \h 152
HYPERLINK \l "_Toc386779909" 3.4.4.3.3.1.6 ActiveDirectoryDirectoryServer/NTDSSettingsObjectDN PAGEREF _Toc386779909 \h 152
HYPERLINK \l "_Toc386779910" 3.4.4.3.3.1.7 ActiveDirectoryDirectoryServer/OperationMasterRole PAGEREF _Toc386779910 \h 152
HYPERLINK \l "_Toc386779911" 3.4.4.3.3.1.8 ActiveDirectoryDirectoryServer/Partitions PAGEREF _Toc386779911 \h 153
HYPERLINK \l "_Toc386779912" 3.4.4.3.3.1.9 ActiveDirectoryDirectoryServer/ServerObjectDN PAGEREF _Toc386779912 \h 153
HYPERLINK \l "_Toc386779913" 3.4.4.3.3.1.10 ActiveDirectoryDirectoryServer/ServerObjectGuid PAGEREF _Toc386779913 \h 154
HYPERLINK \l "_Toc386779914" 3.4.4.3.3.1.11 ActiveDirectoryDirectoryServer/Site PAGEREF _Toc386779914 \h 154
HYPERLINK \l "_Toc386779915" 3.4.4.3.3.1.12 ActiveDirectoryDirectoryServer/SslPort PAGEREF _Toc386779915 \h 154
HYPERLINK \l "_Toc386779916" 3.4.4.3.3.2 ActiveDirectoryDomainController PAGEREF _Toc386779916 \h 155
HYPERLINK \l "_Toc386779917" 3.4.4.3.3.2.1 ActiveDirectoryDomainController/ComputerDN PAGEREF _Toc386779917 \h 155
HYPERLINK \l "_Toc386779918" 3.4.4.3.3.2.2 ActiveDirectoryDomainController/Domain PAGEREF _Toc386779918 \h 155
HYPERLINK \l "_Toc386779919" 3.4.4.3.3.2.3 ActiveDirectoryDomainController/Enabled PAGEREF _Toc386779919 \h 156
HYPERLINK \l "_Toc386779920" 3.4.4.3.3.2.4 ActiveDirectoryDomainController/Forest PAGEREF _Toc386779920 \h 156
HYPERLINK \l "_Toc386779921" 3.4.4.3.3.2.5 ActiveDirectoryDomainController/IsGlobalCatalog PAGEREF _Toc386779921 \h 156
HYPERLINK \l "_Toc386779922" 3.4.4.3.3.2.6 ActiveDirectoryDomainController/IsReadOnly PAGEREF _Toc386779922 \h 157
HYPERLINK \l "_Toc386779923" 3.4.4.3.3.2.7 ActiveDirectoryDomainController/OSHotFix PAGEREF _Toc386779923 \h 157
HYPERLINK \l "_Toc386779924" 3.4.4.3.3.2.8 ActiveDirectoryDomainController/OSName PAGEREF _Toc386779924 \h 157
HYPERLINK \l "_Toc386779925" 3.4.4.3.3.2.9 ActiveDirectoryDomainController/OSServicepack PAGEREF _Toc386779925 \h 158
HYPERLINK \l "_Toc386779926" 3.4.4.3.3.2.10 ActiveDirectoryDomainController/OSVersion PAGEREF _Toc386779926 \h 158
HYPERLINK \l "_Toc386779927" 3.4.4.3.3.3 ArrayOfActiveDirectoryDomainController PAGEREF _Toc386779927 \h 158
HYPERLINK \l "_Toc386779928" 3.4.4.3.3.4 ArrayOfActiveDirectoryOperationMasterRole PAGEREF _Toc386779928 \h 159
HYPERLINK \l "_Toc386779929" 3.4.4.3.3.5 GetADDomainControllerFault PAGEREF _Toc386779929 \h 159
HYPERLINK \l "_Toc386779930" 3.4.4.3.4 Simple Types PAGEREF _Toc386779930 \h 159
HYPERLINK \l "_Toc386779931" 3.4.4.3.5 Attributes PAGEREF _Toc386779931 \h 159
HYPERLINK \l "_Toc386779932" 3.4.4.3.6 Groups PAGEREF _Toc386779932 \h 159
HYPERLINK \l "_Toc386779933" 3.4.4.3.7 Attribute Groups PAGEREF _Toc386779933 \h 159
HYPERLINK \l "_Toc386779934" 3.4.4.3.8 GetADDomainController SOAP Faults PAGEREF _Toc386779934 \h 159
HYPERLINK \l "_Toc386779935" 3.4.4.3.8.1 Bad Parameter Error PAGEREF _Toc386779935 \h 160
HYPERLINK \l "_Toc386779936" 3.4.4.3.8.2 Invalid NtdsSettingsDN Error PAGEREF _Toc386779936 \h 161
HYPERLINK \l "_Toc386779937" 3.4.4.3.8.3 Directory Error PAGEREF _Toc386779937 \h 162
HYPERLINK \l "_Toc386779938" 3.4.4.3.8.4 Authentication Error PAGEREF _Toc386779938 \h 162
HYPERLINK \l "_Toc386779939" 3.4.4.4 GetADForest PAGEREF _Toc386779939 \h 163
HYPERLINK \l "_Toc386779940" 3.4.4.4.1 Messages PAGEREF _Toc386779940 \h 164
HYPERLINK \l "_Toc386779941" 3.4.4.4.1.1 GetADForestRequest PAGEREF _Toc386779941 \h 164
HYPERLINK \l "_Toc386779942" 3.4.4.4.1.2 GetADForestResponse PAGEREF _Toc386779942 \h 164
HYPERLINK \l "_Toc386779943" 3.4.4.4.1.3 TopologyManagement_GetADForest_GetADForestFault_FaultMessage PAGEREF _Toc386779943 \h 165
HYPERLINK \l "_Toc386779944" 3.4.4.4.2 Elements PAGEREF _Toc386779944 \h 165
HYPERLINK \l "_Toc386779945" 3.4.4.4.2.1 GetADForestFault PAGEREF _Toc386779945 \h 165
HYPERLINK \l "_Toc386779946" 3.4.4.4.2.2 GetADForestRequest PAGEREF _Toc386779946 \h 165
HYPERLINK \l "_Toc386779947" 3.4.4.4.2.3 GetADForestResponse PAGEREF _Toc386779947 \h 166
HYPERLINK \l "_Toc386779948" 3.4.4.4.2.4 GetADForestResponse/Forest PAGEREF _Toc386779948 \h 166
HYPERLINK \l "_Toc386779949" 3.4.4.4.3 Complex Types PAGEREF _Toc386779949 \h 166
HYPERLINK \l "_Toc386779950" 3.4.4.4.3.1 ActiveDirectoryForest PAGEREF _Toc386779950 \h 166
HYPERLINK \l "_Toc386779951" 3.4.4.4.3.1.1 ActiveDirectoryForest/ApplicationPartitions PAGEREF _Toc386779951 \h 167
HYPERLINK \l "_Toc386779952" 3.4.4.4.3.1.2 ActiveDirectoryForest/CrossForestReferences PAGEREF _Toc386779952 \h 167
HYPERLINK \l "_Toc386779953" 3.4.4.4.3.1.3 ActiveDirectoryForest/DomainNamingMaster PAGEREF _Toc386779953 \h 168
HYPERLINK \l "_Toc386779954" 3.4.4.4.3.1.4 ActiveDirectoryForest/Domains PAGEREF _Toc386779954 \h 168
HYPERLINK \l "_Toc386779955" 3.4.4.4.3.1.5 ActiveDirectoryForest/ForestMode PAGEREF _Toc386779955 \h 169
HYPERLINK \l "_Toc386779956" 3.4.4.4.3.1.6 ActiveDirectoryForest/GlobalCatalogs PAGEREF _Toc386779956 \h 169
HYPERLINK \l "_Toc386779957" 3.4.4.4.3.1.7 ActiveDirectoryForest/Name PAGEREF _Toc386779957 \h 169
HYPERLINK \l "_Toc386779958" 3.4.4.4.3.1.8 ActiveDirectoryForest/RootDomain PAGEREF _Toc386779958 \h 170
HYPERLINK \l "_Toc386779959" 3.4.4.4.3.1.9 ActiveDirectoryForest/SchemaMaster PAGEREF _Toc386779959 \h 170
HYPERLINK \l "_Toc386779960" 3.4.4.4.3.1.10 ActiveDirectoryForest/Sites PAGEREF _Toc386779960 \h 170
HYPERLINK \l "_Toc386779961" 3.4.4.4.3.1.11 ActiveDirectoryForest/SPNSuffixes PAGEREF _Toc386779961 \h 171
HYPERLINK \l "_Toc386779962" 3.4.4.4.3.1.12 ActiveDirectoryForest/UPNSuffixes PAGEREF _Toc386779962 \h 171
HYPERLINK \l "_Toc386779963" 3.4.4.4.3.2 GetADForestFault PAGEREF _Toc386779963 \h 171
HYPERLINK \l "_Toc386779964" 3.4.4.4.4 Simple Types PAGEREF _Toc386779964 \h 171
HYPERLINK \l "_Toc386779965" 3.4.4.4.5 Attributes PAGEREF _Toc386779965 \h 171
HYPERLINK \l "_Toc386779966" 3.4.4.4.6 Groups PAGEREF _Toc386779966 \h 171
HYPERLINK \l "_Toc386779967" 3.4.4.4.7 Attribute Groups PAGEREF _Toc386779967 \h 172
HYPERLINK \l "_Toc386779968" 3.4.4.4.8 GetADForest SOAP Faults PAGEREF _Toc386779968 \h 172
HYPERLINK \l "_Toc386779969" 3.4.4.4.8.1 Bad Parameter Error PAGEREF _Toc386779969 \h 172
HYPERLINK \l "_Toc386779970" 3.4.4.4.8.2 Directory Error PAGEREF _Toc386779970 \h 173
HYPERLINK \l "_Toc386779971" 3.4.4.4.8.3 Authentication Error PAGEREF _Toc386779971 \h 174
HYPERLINK \l "_Toc386779972" 3.4.4.5 GetVersion PAGEREF _Toc386779972 \h 175
HYPERLINK \l "_Toc386779973" 3.4.4.5.1 Messages PAGEREF _Toc386779973 \h 175
HYPERLINK \l "_Toc386779974" 3.4.4.5.1.1 GetVersionRequest PAGEREF _Toc386779974 \h 175
HYPERLINK \l "_Toc386779975" 3.4.4.5.1.2 GetVersionResponse PAGEREF _Toc386779975 \h 176
HYPERLINK \l "_Toc386779976" 3.4.4.5.1.3 TopologyManagement_GetVersion_GetVersionFault_FaultMessage PAGEREF _Toc386779976 \h 176
HYPERLINK \l "_Toc386779977" 3.4.4.5.2 Elements PAGEREF _Toc386779977 \h 176
HYPERLINK \l "_Toc386779978" 3.4.4.5.2.1 GetVersionFault PAGEREF _Toc386779978 \h 176
HYPERLINK \l "_Toc386779979" 3.4.4.5.2.2 GetVersionRequest PAGEREF _Toc386779979 \h 177
HYPERLINK \l "_Toc386779980" 3.4.4.5.2.3 GetVersionResponse PAGEREF _Toc386779980 \h 177
HYPERLINK \l "_Toc386779981" 3.4.4.5.2.4 GetVersionResponse/VersionMajor PAGEREF _Toc386779981 \h 177
HYPERLINK \l "_Toc386779982" 3.4.4.5.2.5 GetVersionResponse/VersionMinor PAGEREF _Toc386779982 \h 177
HYPERLINK \l "_Toc386779983" 3.4.4.5.2.6 GetVersionResponse/VersionString PAGEREF _Toc386779983 \h 178
HYPERLINK \l "_Toc386779984" 3.4.4.5.3 Complex Types PAGEREF _Toc386779984 \h 178
HYPERLINK \l "_Toc386779985" 3.4.4.5.3.1 GetVersionFault PAGEREF _Toc386779985 \h 178
HYPERLINK \l "_Toc386779986" 3.4.4.5.4 Simple Types PAGEREF _Toc386779986 \h 178
HYPERLINK \l "_Toc386779987" 3.4.4.5.5 Attributes PAGEREF _Toc386779987 \h 178
HYPERLINK \l "_Toc386779988" 3.4.4.5.6 Groups PAGEREF _Toc386779988 \h 178
HYPERLINK \l "_Toc386779989" 3.4.4.5.7 Attribute Groups PAGEREF _Toc386779989 \h 179
HYPERLINK \l "_Toc386779990" 3.4.4.5.8 GetVersion SOAP Faults PAGEREF _Toc386779990 \h 179
HYPERLINK \l "_Toc386779991" 3.4.4.6 MoveADOperationMasterRole PAGEREF _Toc386779991 \h 179
HYPERLINK \l "_Toc386779992" 3.4.4.6.1 Messages PAGEREF _Toc386779992 \h 180
HYPERLINK \l "_Toc386779993" 3.4.4.6.1.1 MoveADOperationMasterRoleRequest PAGEREF _Toc386779993 \h 180
HYPERLINK \l "_Toc386779994" 3.4.4.6.1.2 MoveADOperationMasterRoleResponse PAGEREF _Toc386779994 \h 180
HYPERLINK \l "_Toc386779995" 3.4.4.6.1.3 TopologyManagement_MoveADOperationMasterRole_MoveADOperationMasterRoleFault_FaultMessage PAGEREF _Toc386779995 \h 181
HYPERLINK \l "_Toc386779996" 3.4.4.6.2 Elements PAGEREF _Toc386779996 \h 181
HYPERLINK \l "_Toc386779997" 3.4.4.6.2.1 MoveADOperationMasterRoleFault PAGEREF _Toc386779997 \h 181
HYPERLINK \l "_Toc386779998" 3.4.4.6.2.2 MoveADOperationMasterRoleRequest PAGEREF _Toc386779998 \h 181
HYPERLINK \l "_Toc386779999" 3.4.4.6.2.3 MoveADOperationMasterRoleRequest/OperationMasterRole PAGEREF _Toc386779999 \h 182
HYPERLINK \l "_Toc386780000" 3.4.4.6.2.3.1 Transferring a FSMO Role PAGEREF _Toc386780000 \h 182
HYPERLINK \l "_Toc386780001" 3.4.4.6.2.3.2 Seizing a FSMO Role PAGEREF _Toc386780001 \h 182
HYPERLINK \l "_Toc386780002" 3.4.4.6.2.4 MoveADOperationMasterRoleRequest/Seize PAGEREF _Toc386780002 \h 183
HYPERLINK \l "_Toc386780003" 3.4.4.6.2.5 MoveADOperationMasterRoleResponse PAGEREF _Toc386780003 \h 183
HYPERLINK \l "_Toc386780004" 3.4.4.6.2.6 MoveADOperationMasterRoleResponse/WasSeized PAGEREF _Toc386780004 \h 183
HYPERLINK \l "_Toc386780005" 3.4.4.6.3 Complex Types PAGEREF _Toc386780005 \h 184
HYPERLINK \l "_Toc386780006" 3.4.4.6.3.1 MoveADOperationMasterRoleFault PAGEREF _Toc386780006 \h 184
HYPERLINK \l "_Toc386780007" 3.4.4.6.4 Simple Types PAGEREF _Toc386780007 \h 184
HYPERLINK \l "_Toc386780008" 3.4.4.6.5 Attributes PAGEREF _Toc386780008 \h 184
HYPERLINK \l "_Toc386780009" 3.4.4.6.6 Groups PAGEREF _Toc386780009 \h 184
HYPERLINK \l "_Toc386780010" 3.4.4.6.7 Attribute Groups PAGEREF _Toc386780010 \h 184
HYPERLINK \l "_Toc386780011" 3.4.4.6.8 MoveADOperationMasterRole SOAP Faults PAGEREF _Toc386780011 \h 184
HYPERLINK \l "_Toc386780012" 3.4.4.6.8.1 Bad Parameter Error PAGEREF _Toc386780012 \h 185
HYPERLINK \l "_Toc386780013" 3.4.4.6.8.2 Could Not Transfer PDC FSMO Error PAGEREF _Toc386780013 \h 186
HYPERLINK \l "_Toc386780014" 3.4.4.6.8.3 Unwilling to Perform Error PAGEREF _Toc386780014 \h 187
HYPERLINK \l "_Toc386780015" 3.4.4.6.8.4 Directory Error PAGEREF _Toc386780015 \h 187
HYPERLINK \l "_Toc386780016" 3.4.4.6.8.5 Authorization Error PAGEREF _Toc386780016 \h 188
HYPERLINK \l "_Toc386780017" 3.4.4.6.8.6 Authentication Error PAGEREF _Toc386780017 \h 189
HYPERLINK \l "_Toc386780018" 3.4.5 Timer Events PAGEREF _Toc386780018 \h 190
HYPERLINK \l "_Toc386780019" 3.4.6 Other Local Events PAGEREF _Toc386780019 \h 190
HYPERLINK \l "_Toc386780020" 4 Protocol Examples PAGEREF _Toc386780020 \h 191
HYPERLINK \l "_Toc386780021" 4.1 AccountManagement Examples PAGEREF _Toc386780021 \h 191
HYPERLINK \l "_Toc386780022" 4.1.1 Example of ChangePassword PAGEREF _Toc386780022 \h 191
HYPERLINK \l "_Toc386780023" 4.1.2 Example of GetADGroupMember PAGEREF _Toc386780023 \h 193
HYPERLINK \l "_Toc386780024" 4.1.3 Example of GetADPrincipalAuthorizationGroup PAGEREF _Toc386780024 \h 194
HYPERLINK \l "_Toc386780025" 4.1.4 Example of GetADPrincipalGroupMembership PAGEREF _Toc386780025 \h 198
HYPERLINK \l "_Toc386780026" 4.1.5 Example of SetPassword PAGEREF _Toc386780026 \h 201
HYPERLINK \l "_Toc386780027" 4.1.6 Example of TranslateName PAGEREF _Toc386780027 \h 203
HYPERLINK \l "_Toc386780028" 4.2 TopologyManagement Examples PAGEREF _Toc386780028 \h 204
HYPERLINK \l "_Toc386780029" 4.2.1 Example of ChangeOptionalFeature PAGEREF _Toc386780029 \h 204
HYPERLINK \l "_Toc386780030" 4.2.2 Example of GetADDomain PAGEREF _Toc386780030 \h 205
HYPERLINK \l "_Toc386780031" 4.2.3 Example of GetADDomainController PAGEREF _Toc386780031 \h 208
HYPERLINK \l "_Toc386780032" 4.2.4 Example of GetADForest PAGEREF _Toc386780032 \h 210
HYPERLINK \l "_Toc386780033" 4.2.5 Example of GetVersion PAGEREF _Toc386780033 \h 211
HYPERLINK \l "_Toc386780034" 4.2.6 Example of MoveADOperationMasterRole PAGEREF _Toc386780034 \h 212
HYPERLINK \l "_Toc386780035" 5 Security PAGEREF _Toc386780035 \h 214
HYPERLINK \l "_Toc386780036" 5.1 Security Considerations for Implementers PAGEREF _Toc386780036 \h 214
HYPERLINK \l "_Toc386780037" 5.2 Index of Security Parameters PAGEREF _Toc386780037 \h 214
HYPERLINK \l "_Toc386780038" 6 Appendix A: Full WSDL PAGEREF _Toc386780038 \h 215
HYPERLINK \l "_Toc386780039" 7 Appendix B: Product Behavior PAGEREF _Toc386780039 \h 235
HYPERLINK \l "_Toc386780040" 8 Change Tracking PAGEREF _Toc386780040 \h 249
HYPERLINK \l "_Toc386780041" 9 Index PAGEREF _Toc386780041 \h 250
1 Introduction
The Active Directory Web Services: Custom Action Protocol is used for directory access in identity management and topology management. Examples of these operations are managing HYPERLINK "[MS-GLOS].pdf" groups and passwords (identity management; see section HYPERLINK \l "z51e35971336a43f19f31ce4ba7ce475b" 3.3) and retrieving information about the HYPERLINK "[MS-GLOS].pdf" forest and HYPERLINK "[MS-GLOS].pdf" domain (topology management; see section HYPERLINK \l "z81c0507746214240ae373e06cf8a294f" 3.4). A portion of the Microsoft implementation of the Active Directory Web Services: Custom Action Protocol is used to communicate between servers; for example the implementation of server-to-server HYPERLINK "[MS-GLOS].pdf" FSMO transfers or the implementation of server-to-server methods for retrieving group memberships from other servers. Those server-to-server communications are not used by Microsoft to communicate with Windows client operating systems and are not included in this specification. Licensees can implement those server-to-server communications using any protocol they choose. This specification describes the client-to-server portions of the Active Directory Web Services: Custom Action Protocol that are used between Windows servers and Windows client operating systems to manage HYPERLINK "[MS-GLOS].pdf" Active Directory identities and topologies. In some cases, the client-to-server communications include status of the success or failure of server-to-server communication, to give administrators the ability to assist in diagnosing or monitoring the server-to-server implementation. However, the specific content of these communications is not understood by Windows client operating systems, and the semantics are not prescribed by this specification. Interoperation with Windows client operating systems does not require an understanding of the status of the server-to-server implementation. Licensees can implement the Active Directory Web Services: Custom Action Protocol to provide and accept any status that is meaningful for diagnosing or monitoring their server-to-server communications, or no data at all, as they choose.
The goal of this specification is to enable the transition of client applications that are currently using nonWeb services protocols such as HYPERLINK "[MS-GLOS].pdf" Lightweight Directory Access Protocol (LDAP) version 3 HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90325" [RFC2251] for managing information held in HYPERLINK "[MS-GLOS].pdf" directory services to using Web services protocols.
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.
1.1 Glossary
The following terms are defined in HYPERLINK "[MS-GLOS].pdf" [MS-GLOS]:
Active DirectoryActive Directory Domain Services (AD DS)application NCattributecomputer objectconfiguration naming context (config NC)crossRef objectdirectory objectdirectory service (DS)distinguished name (DN)domaindomain controller (DC)domain local groupDomain Name System (DNS)domain naming context (domain NC)domain naming service namedomain treeflexible single master operation (FSMO)forestforest functional levelfully qualified domain name (FQDN)(1)(2)FSMO roleglobal catalog (GC)global groupglobally unique identifier (GUID)groupgroup objectGroup PolicyGroup Policy Object (GPO)Lightweight Directory Access Protocol (LDAP)naming context (NC)NetBIOS nameobject classobject class inheritanceprincipalread-only domain controller (RODC)relative identifier (RID)root directory system agent-specific entry (rootDSE)root domainschema naming context (schema NC)Secure Sockets Layer (SSL)security identifier (SID)security principalsiteSOAPSOAP actionSOAP bodySOAP faultSOAP fault codeSOAP fault detailSOAP headerSOAP header blockSOAP messageSOAP mustUnderstand attributeUniform Resource Locator (URL)universal groupuser objectWeb Services Description Language (WSDL)WSDL messageWSDL operationWSDL port typeXMLXML namespace
The following terms are defined in HYPERLINK "[MS-ADTS].pdf" [MS-ADTS]:
security-enabled group
The following terms are specific to this document:
Active Directory Lightweight Directory Services (AD LDS): A general-purpose network HYPERLINK "[MS-GLOS].pdf" directory service that is an independent mode of HYPERLINK "[MS-GLOS].pdf" Active Directory and that provides dedicated HYPERLINK "[MS-GLOS].pdf" directory services for applications. See HYPERLINK "[MS-ADTS].pdf" [MS-ADTS].
Active Directory Web Services (ADWS): Provides a Web Service interface to HYPERLINK "[MS-GLOS].pdf" Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) instances.
authenticable principal: In HYPERLINK "[MS-GLOS].pdf" AD DS, a HYPERLINK "[MS-GLOS].pdf" directory object of class user or of a class derived from user. In AD LDS, a HYPERLINK "[MS-GLOS].pdf" directory object of a class that statically links to the msDS-BindableObject auxiliary class. See HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 3.1.1.2.4.
child domain: A HYPERLINK "[MS-GLOS].pdf" domain that is a member of a HYPERLINK "[MS-GLOS].pdf" domain tree but is not the HYPERLINK "[MS-GLOS].pdf" root domain of the HYPERLINK "[MS-GLOS].pdf" domain tree.
directory instance: The HYPERLINK "[MS-GLOS].pdf" directory service referred to by the HYPERLINK "[MS-GLOS].pdf" SOAP header in the Active Directory Web Services: Custom Action Protocol custom action HYPERLINK "[MS-GLOS].pdf" XML operation, which is the target of the custom action request. This HYPERLINK "[MS-GLOS].pdf" directory service is assumed to be running locally on the server. This may be an HYPERLINK "[MS-GLOS].pdf" Active Directory HYPERLINK "[MS-GLOS].pdf" directory service instance, or an Active Directory Lightweight Directory Service instance (one of possibly many). For more detail on the format of the HYPERLINK "[MS-GLOS].pdf" SOAP header see HYPERLINK "[MS-ADDM].pdf" [MS-ADDM] section 2.5.1.
endPoint: In the context of a Web service, a network target to which a HYPERLINK "[MS-GLOS].pdf" SOAP message can addressed. See HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=113065" [WSADDR].
non-authenticable principal: A reference identifying a HYPERLINK "[MS-GLOS].pdf" directory object that is not an authenticable principal object.
non-user principal: A reference identifying a HYPERLINK "[MS-GLOS].pdf" directory object that is not a HYPERLINK "[MS-GLOS].pdf" user object.
non-group principal: A reference identifying a HYPERLINK "[MS-GLOS].pdf" directory object that is not a HYPERLINK "[MS-GLOS].pdf" group object.
non-security principal: A reference identifying a HYPERLINK "[MS-GLOS].pdf" directory object that is not a HYPERLINK "[MS-GLOS].pdf" security principal object.
nonexistent naming context (nonexistent NC): A reference that does not identify an HYPERLINK "[MS-GLOS].pdf" NC in the specified directory instance.
nonexistent principal: A reference that does not identify a HYPERLINK "[MS-GLOS].pdf" security principal in the specified directory instance.
nTDSDSA object: Each HYPERLINK "[MS-GLOS].pdf" domain controller in a HYPERLINK "[MS-GLOS].pdf" domain has an nTDSDSA object. See HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.1.2.2.1.2.1.1.
parent domain: A HYPERLINK "[MS-GLOS].pdf" domain that is part of a HYPERLINK "[MS-GLOS].pdf" domain tree and has child domains is a parent of those child domains.
primary group: The HYPERLINK "[MS-GLOS].pdf" group object identified by the primaryGroupID attribute ( HYPERLINK "[MS-ADA3].pdf" [MS-ADA3] section 2.120) of a user object ( HYPERLINK "[MS-ADSC].pdf" [MS-ADSC] section HYPERLINK \l "z719c00352aa44ca6b76341a758bd2410" 2.263). The primary group's objectSid equals the user's objectSid, with its HYPERLINK "[MS-GLOS].pdf" relative identifier (RID) portion replaced by the primaryGroupID value. The user is considered a member of its primary group.
snapshot store instance: A read-only copy of an HYPERLINK "[MS-GLOS].pdf" Active Directory Domain Services instance or an Active Directory Lightweight Directory Services instance at some point in time.
SOAP fault subcode: An element of a HYPERLINK "[MS-GLOS].pdf" SOAP fault, defined in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90521" [SOAP1.2-1/2003].
Uniform Resource Identifier (URI): A string of characters in a standardized format that identifies a resource on a network HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90339" [RFC2396].
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90317" [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
1.2 References
References to Microsoft Open Specifications documentation do not include a publishing year because links are to the latest version of the documents, which are updated frequently. References to other documents include a publishing year when one is available.
1.2.1 Normative References
We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact HYPERLINK "mailto:dochelp@microsoft.com" dochelp@microsoft.com. We will assist you in finding the relevant information.
[MS-ADA1] Microsoft Corporation, " HYPERLINK "[MS-ADA1].pdf" Active Directory Schema Attributes A-L".
[MS-ADA2] Microsoft Corporation, " HYPERLINK "[MS-ADA2].pdf" Active Directory Schema Attributes M".
[MS-ADA3] Microsoft Corporation, " HYPERLINK "[MS-ADA3].pdf" Active Directory Schema Attributes N-Z".
[MS-ADDM] Microsoft Corporation, " HYPERLINK "[MS-ADDM].pdf" Active Directory Web Services: Data Model and Common Elements".
[MS-ADLS] Microsoft Corporation, " HYPERLINK "[MS-ADLS].pdf" Active Directory Lightweight Directory Services Schema".
[MS-ADSC] Microsoft Corporation, " HYPERLINK "[MS-ADSC].pdf" Active Directory Schema Classes".
[MS-ADTS] Microsoft Corporation, " HYPERLINK "[MS-ADTS].pdf" Active Directory Technical Specification".
[MS-DRSR] Microsoft Corporation, " HYPERLINK "[MS-DRSR].pdf" Directory Replication Service (DRS) Remote Protocol".
[MS-DTYP] Microsoft Corporation, " HYPERLINK "[MS-DTYP].pdf" Windows Data Types".
[MS-ERREF] Microsoft Corporation, " HYPERLINK "[MS-ERREF].pdf" Windows Error Codes".
[MS-NNS] Microsoft Corporation, " HYPERLINK "[MS-NNS].pdf" .NET NegotiateStream Protocol".
[MS-GPOL] Microsoft Corporation, " HYPERLINK "[MS-GPOL].pdf" Group Policy: Core Protocol".
[MS-SAMR] Microsoft Corporation, " HYPERLINK "[MS-SAMR].pdf" Security Account Manager (SAM) Remote Protocol (Client-to-Server)".
[MS-WPO] Microsoft Corporation, " HYPERLINK "[MS-WPO].pdf" Windows Protocols Overview".
[MS-WSDS] Microsoft Corporation, " HYPERLINK "[MS-WSDS].pdf" WS-Enumeration: Directory Services Protocol Extensions".
[MS-WSPELD] Microsoft Corporation, " HYPERLINK "[MS-WSPELD].pdf" WS-Transfer and WS-Enumeration Protocol Extension for Lightweight Directory Access Protocol v3 Controls".
[MS-WSTIM] Microsoft Corporation, " HYPERLINK "[MS-WSTIM].pdf" WS-Transfer: Identity Management Operations for Directory Access Extensions".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90317" http://www.rfc-editor.org/rfc/rfc2119.txt
[RFC2251] Wahl, M., Howes, T., and Kille, S., "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90325" http://www.ietf.org/rfc/rfc2251.txt
[RFC2396] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90339" http://www.ietf.org/rfc/rfc2396.txt
[RFC3296] Zeilenga, K., "Named Subordinate References in Lightweight Directory (LDAP) Directories", RFC 3296, July 2002, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=131789" http://www.ietf.org/rfc/rfc3296.txt
[RFC4122] Leach, P., Mealling, M., and Salz, R., "A Universally Unique Identifier (UUID) URN Namespace", RFC 4122, July 2005, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90460" http://www.ietf.org/rfc/rfc4122.txt
[SOAP1.1] Box, D., Ehnebuske, D., Kakivaya, G., et al., "Simple Object Access Protocol (SOAP) 1.1", May 2000, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90520" http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
[SOAP1.2-1/2003] Gudgin, M., Hadley, M., Mendelsohn, N., et al., "SOAP Version 1.2 Part 1: Messaging Framework", W3C Recommendation, June 2003, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90521" http://www.w3.org/TR/2003/REC-soap12-part1-20030624
[WSADDR] Gudgin, M., Hadley, M., and Rogers, T., "Web Services Addressing (WS-Addressing) 1.0", W3C Recommendation, May 2006, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=113065" http://www.w3.org/2005/08/addressing
[WSASB] Gudgin, M., Hadley, M., and Rogers, T., "Web Services Addressing 1.0 - SOAP Binding", W3C Recommendation, May 2006, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=120449" http://www.w3.org/TR/2006/REC-ws-addr-soap-20060509/
[WSDL] Christensen, E., Curbera, F., Meredith, G., and Weerawarana, S., "Web Services Description Language (WSDL) 1.1", W3C Note, March 2001, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90577" http://www.w3.org/TR/2001/NOTE-wsdl-20010315
[WSDLSOAP] Angelov, D., Ballinger, K., Butek, R., et al., "WSDL 1.1 Binding Extension for SOAP 1.2", W3c Member Submission, April 2006, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=131790" http://www.w3.org/Submission/wsdl11soap12/
[XMLNS] Bray, T., Hollander, D., Layman, A., et al., Eds., "Namespaces in XML 1.0 (Third Edition)", W3C Recommendation, December 2009, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=191840" http://www.w3.org/TR/2009/REC-xml-names-20091208/
[XMLSCHEMA1] Thompson, H.S., Beech, D., Maloney, M., and Mendelsohn, N., Eds., "XML Schema Part 1: Structures", W3C Recommendation, May 2001, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90608" http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/
[XMLSCHEMA2] Biron, P.V., and Malhotra, A., Eds., "XML Schema Part 2: Datatypes", W3C Recommendation, May 2001, HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90610" http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/
1.2.2 Informative References
[MS-ADOD] Microsoft Corporation, " HYPERLINK "[MS-ADOD].pdf" Active Directory Protocols Overview".
[MS-AUTHSOD] Microsoft Corporation, " HYPERLINK "[MS-AUTHSOD].pdf" Authentication Services Protocols Overview".
[MS-GLOS] Microsoft Corporation, " HYPERLINK "[MS-GLOS].pdf" Windows Protocols Master Glossary".
1.3 Overview
The Active Directory Web Services: Custom Action Protocol is one of the protocols that make up the set of HYPERLINK \l "z2" Active Directory Web Services (ADWS) protocols. The Active Directory Web Services: Custom Action Protocol permits access to Active Directory HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] via the use of common HYPERLINK "[MS-GLOS].pdf" SOAP-based Web services.
This protocol adds a protocol to ADWS to permit it to do such operations as changing passwords, expanding groups, retrieving domain, forest and HYPERLINK "[MS-GLOS].pdf" site information, and translating names.
To do so, this protocol defines the following HYPERLINK "[MS-GLOS].pdf" Web Services Description Language (WSDL) operations: HYPERLINK \l "z21" <1>
H Y P E R L I N K \ l " z 6 c 6 3 0 9 c 0 a 7 5 0 4 6 5 c 9 a e 8 4 3 3 6 4 1 3 a d 8 5 f " C h a n g e O p t i o n a l F e a t u r e
H Y P E R L I N K \ l " z e 6 1 e 2 0 d 4 3 1 b 5 4 4 9 a b a c 4 f c f 0 0 c 6 a 4 0 d 4 " C h a n g e P a s s w o r d
H Y P E R L I N K \ l " z 7 8 f 4 4 7 e 5 3 a 2 6 4 d e 5 b 8 c c 7 f 7 b 3 3 a 7 f 3 3 6 " G e t A D D o m a i n
H Y P E R L I N K \ l " z 3 c 9 b 9 f 1 d 6 5 5 d 4 3 a 2 a 2 3 1 9 b a 5 3 f d f 9 3 b 8 " G e t A D D o m a i n C o n t r o l l e r
H Y P E R L I N K \ l " z c 9 b 1 8 7 8 a 5 8 1 2 4 e 6 e 8 1 0 e 0 8 f c 3 2 b 7 3 b 0 b " G e t A D F o r e s t
H Y P E R L I N K \ l " z 3 5 0 1 d 6 1 e 4 3 c 7 4 9 9 b a 5 9 6 6 c 2 6 1 1 2 4 e 0 0 8 " G e t A D G r o u p M e m b e r
H Y P E R L I N K \ l " z c c c 9 e 8 0 6 e d f d 4 d 2 b 8 5 2 e e 9 2 0 6 7 7 6 9 0 e 9 " G e t A D P r i n c i p a l A u t h o r i z a t i o n G r o u p
H Y P E R L I N K \ l " z 3 5 2 8 e 4 3 c 5 1 7 4 4 1 2 a 8 2 d f 5 c 1 3 7 0 0 7 d b 2 8 " G e t A D P r i n c i p a l G r o u p M e m b e r s h i p
H Y P E R L I N K \ l " z 5 d 7 1 0 b e 8 1 6 e 1 4 1 1 c a 9 1 7 0 c 8 d c c e 6 8 f 6 4 " G e t V e r s i o n
H Y P E R L I N K \ l " z 1 4 a e 4 3 6 e 7 e b 3 4 d 1 5 9 6 4 4 6 9 7 f e f 6 4 9 d 4 9 " M o v e A D O p e r a t i o n M a s t e r R o l e
H Y P E R L I N K \ l " z b 2 f c 9 3 7 7 d b 9 3 4 9 0 2 9 8 d 7 7 d 7 3 b d 2 7 3 f 8 a " S e t P a s s w o r d
H Y P E R L I N K \ l " z c 8 c c a d 9 4 b 8 c d 4 f f 0 9 a 7 c 0 3 d 5 8 0 d 9 8 e 9 f " T r a n s l a t e N a m e
R e q u e s t s t h a t m a k e u s e o f t h e A c t i v e D i r e c t o r y W e b S e r v i c e s : C u s t o m A c t i o n P r o t o c o l c a n b e i d e n t i f i e d b y t h e p r e s e n c e o f a p r o t o c o l - s p e c i f ic HYPERLINK "[MS-GLOS].pdf" SOAP header.
The Active Directory Web Services: Custom Action Protocol specifies a set of HYPERLINK "[MS-GLOS].pdf" SOAP faults that a server is permitted to return to the client to indicate that an error occurred while processing the request. The intent is to allow interoperability between clients and servers by providing a standardized set of errors that both sides of the communication session can understand. This protocol specifies SOAP faults for the custom actions as specified in section HYPERLINK \l "z8ac0d35b56194e2da78a40abc97843dd" 3.
1.4 Relationship to Other Protocols
The Active Directory Web Services: Custom Action Protocol uses transports that support the sending of HYPERLINK "[MS-GLOS].pdf" SOAP messages, as described in section HYPERLINK \l "zc38ad5148ab7480a94fc3a63a138e2cb" 2.1 and as shown in the following layering diagram.
Figure 1: Protocol layering diagram
The information in this document is used by the Active Directory Web Services: Custom Action Protocol in the set of ADWS protocols. The ADWS protocol documentation set comprises this document and the following documents: HYPERLINK "[MS-WSDS].pdf" [MS-WSDS], HYPERLINK "[MS-WSPELD].pdf" [MS-WSPELD], HYPERLINK "[MS-WSTIM].pdf" [MS-WSTIM], and HYPERLINK "[MS-ADDM].pdf" [MS-ADDM].
Active Directory Web Services: Custom Action Protocol uses the Microsoft.NET NegotiateStream Protocol Specification HYPERLINK "[MS-NNS].pdf" [MS-NNS] to establish the security context of the operations as described in section HYPERLINK \l "z5f57a388b8264ae8b4f18e4b3b8e3c0f" 3.1.4.3.
1.5 Prerequisites/Preconditions
The Active Directory Web Services: Custom Action Protocol assumes that the client is able to discover the server by means not specified in this protocol. HYPERLINK \l "z23" <2>
1.6 Applicability Statement
The Active Directory Web Services: Custom Action Protocol is suitable for use when the implementer desires to retrieve and manipulate data stored in a directory service via an HYPERLINK "[MS-GLOS].pdf" XML-based model. It is used to manage access to Active Directory data (setting and retrieving) which is not easily done via the other protocols specified in this documentation set, including HYPERLINK "[MS-WSDS].pdf" [MS-WSDS], HYPERLINK "[MS-WSTIM].pdf" [MS-WSTIM], and HYPERLINK "[MS-WSPELD].pdf" [MS-WSPELD]. Examples of the capabilities provided by this protocol include retrieving and changing user passwords and retrieving information about the Active Directory domain and Active Directory forest.
1.7 Versioning and Capability Negotiation
This document covers versioning issues in the following areas:
Supported Transports: This protocol can be implemented using transports that support sending SOAP messages as described in section HYPERLINK \l "zc38ad5148ab7480a94fc3a63a138e2cb" 2.1.
Protocol Versions: This protocol is not versioned.
Capability Negotiation: This protocol does not support version negotiation.
Localization: This protocol includes text strings in various SOAP faults. Localization considerations for such strings are specified in the SOAP faults section of each operation described in section HYPERLINK \l "ze5fe282985e342488e85b200a0e15aa1" 3.3.4. See, for example, section HYPERLINK \l "z96efa3332957457dbfaf36576ae7c7fe" 3.3.4.1.8 for the ChangePassword operation.
1.8 Vendor-Extensible Fields
There are no vendor-extensible fields.
1.9 Standards Assignments
ParameterValueReferenceTCP Port9389IANANote HYPERLINK "[MS-GLOS].pdf" XML namespaces used by SOAP-based protocols are listed in section HYPERLINK \l "z22f1541357874b3486cc3a8760c13b7a" 2.2.1.
2 Messages
2.1 Transport
The Active Directory Web Services: Custom Action Protocol MUST use a transport binding that supports either SOAP 1.1 HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90520" [SOAP1.1] or SOAP 1.2 HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90521" [SOAP1.2-1/2003]. All messages MUST be formatted as specified in either SOAP 1.1 or SOAP 1.2. HYPERLINK \l "z25" <3>
2.2 Common Message Syntax
This section contains common definitions used by this protocol. The syntax of the definitions uses HYPERLINK "[MS-GLOS].pdf" XML schema as defined in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90608" [XMLSCHEMA1] and HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90610" [XMLSCHEMA2], and Web Services Description Language as defined in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90577" [WSDL].
2.2.1 Namespaces
This specification defines and references various XML namespaces using the mechanisms specified in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90602" [XMLNS]. Although this specification associates a specific XML namespace prefix for each XML namespace that is used, the choice of any particular XML namespace prefix is implementation-specific and not significant for interoperability.
PrefixNamespace URIReferenceca:http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActionsThis specificationser:http://schemas.microsoft.com/2003/10/Serialization/This specification.sera:http://schemas.microsoft.com/2003/10/Serialization/ArraysThis specification.soap12:http://schemas.xmlsoap.org/wsdl/soap12/ HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=131790" [WSDLSOAP]wsam:http://www.w3.org/2007/05/addressing/metadataThis specification.wsdl:http://schemas.xmlsoap.org/wsdl/ HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90577" [WSDL]xs:http://www.w3.org/2001/XMLSchema HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90608" [XMLSCHEMA1]xsi:http://www.w3.org/2001/XMLSchema-instance HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90608" [XMLSCHEMA1]2.2.2 Messages
This protocol does not contain any HYPERLINK "[MS-GLOS].pdf" WSDL messages that are used in more than one operation.
2.2.3 Elements
The following table summarizes the set of common XML schema element definitions defined by this specification. XML schema element definitions that are specific to a particular operation are described with the operation.
ElementDescriptionActiveDirectoryGroupAn extension of the ActiveDirectoryPrincipal element to include a GroupScope and a GroupType.ActiveDirectoryObjectThe base object for the ActiveDirectoryPrincipal element.ActiveDirectoryPrincipalRepresents a principal.CustomActionFaultThe base fault for all the Custom Action faults.ServerSpecifies which directory service a request is intended for.2.2.3.1 ActiveDirectoryObject
The ActiveDirectoryObject element represents an object in the directory. This element MUST NOT be returned in any messages in the Active Directory Web Services: Custom Action Protocol, because the complex type ActiveDirectoryObject is used only as a base type, with no elements created from that type. The ActiveDirectoryObject element MUST NOT be null.
2.2.3.2 ActiveDirectoryPrincipal
The ActiveDirectoryPrincipal element represents a HYPERLINK "[MS-GLOS].pdf" principal ( HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 5.1.1.5). It is an extension of the HYPERLINK \l "zea01eacb788143b48d2967a71c84f48b" ActiveDirectoryObject (section HYPERLINK \l "zea01eacb788143b48d2967a71c84f48b" 2.2.3.1) element to include a SamAccountName (section HYPERLINK \l "zf8ba3117b73644eabf78df436b818987" 2.2.4.2.1) and a HYPERLINK "[MS-GLOS].pdf" SID (section HYPERLINK \l "z9e2d418294564ec485d650d2727a9f4c" 2.2.4.2.2). The ActiveDirectoryPrincipal element MUST NOT be null.
2.2.3.3 ActiveDirectoryGroup
The ActiveDirectoryGroup element is contained in the response for group information. It is an extension of the ActiveDirectoryPrincipal element (section HYPERLINK \l "za87f2001a2f94309a7aa3af016e15291" 2.2.3.2) to include a HYPERLINK \l "zd91b1f0e4fc24fa0b57126839c10ea7a" GroupScope (section HYPERLINK \l "zd91b1f0e4fc24fa0b57126839c10ea7a" 2.2.4.3.1 HYPERLINK \l "zd91b1f0e4fc24fa0b57126839c10ea7a" ) and a HYPERLINK \l "z15172db5cf734746ab55e8e4651169ce" GroupType (section HYPERLINK \l "z15172db5cf734746ab55e8e4651169ce" 2.2.4.3.2 HYPERLINK \l "z15172db5cf734746ab55e8e4651169ce" ). The ActiveDirectoryGroup element MUST NOT be null.
2.2.3.4 CustomActionFault
The CustomActionFault element is the base fault for all the Custom Action faults. This fault MUST NOT be returned directly by any Custom Actions. Only the derived children fault of this element is to be returned.
2.2.3.5 Server
An implementation MAY HYPERLINK \l "z27" <4> allow multiple directory services to be accessed via a single HYPERLINK \l "z6" endpoint. Therefore, when sending a SOAP request message (for example, to change a password), the requestor MUST specify which directory service the request is intended for. The Server SOAP header, which is located in the http://schemas.microsoft.com/2008/1/ActiveDirectory/Customactions XML namespace, is used to accomplish this. It MUST be specified by the requestor in any SOAP request message that is intended to target a specific directory service.
The contents of the Server header are the string literal "ldap:" followed by an integer (expressed as a string in base 10) that specifies the TCP port number of the desired directory service's LDAP interface.
In the following example, the requestor is asking that the operation (ADCAP ChangePassword) that is specified in the SOAP message be performed against the directory service that listens on port 3268.
http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/ChangePassword
ldap:3268
urn:uuid:a541d67c-707d-41f0-b27e-78d40b5a8293
http://www.w3.org/2005/08/addressing/anonymous
net.tcp://server01.fabrikam.com:9389/ActiveDirectoryWebServices/Windows/AccountManagement
CN=Guest,CN=Users,DC=fabrikam,DC=com
Password2
Password1
DC=fabrikam,DC=com
2.2.4 Complex Types
The following table summarizes the set of common XML schema complex type definitions defined by this specification. XML schema complex type definitions that are specific to a particular operation are described with the operation.
Complex TypeDescriptionActiveDirectoryObjectThe base type for the ActiveDirectoryPrincipal complex type and the ActiveDirectoryPartition complex type. Represents a directory object.ActiveDirectoryPrincipalAn extension of an ActiveDirectoryObject complex type definition, adding a SID element and a SamAccountName element.ActiveDirectoryGroupExtends the ActiveDirectoryPrincipal complex type definition to specify group results.ArrayOfActiveDirectoryGroupDefines an array of ActiveDirectoryGroup complex types.ArgumentErrorDetailCAIndicates that one or more of the parameters supplied were invalid.CustomActionFaultThe base type for all Active Directory Web Services: Custom Action Protocol faults.DirectoryErrorDetailCASupplies details about the directory or LDAP error that was returned.sera:ArrayOfStringDefines an array of strings.2.2.4.1 ActiveDirectoryObject
The ActiveDirectoryObject complex type represents a HYPERLINK "[MS-GLOS].pdf" directory object.
2.2.4.1.1 ActiveDirectoryObject/DistinguishedName
The DistinguishedName element specifies the distinguished name of the ActiveDirectoryObject directory object.
2.2.4.1.2 ActiveDirectoryObject/Name
The Name element specifies the name of the ActiveDirectoryObject directory object.
2.2.4.1.3 ActiveDirectoryObject/ObjectClass
The ObjectClass element specifies the object class of the ActiveDirectoryObject directory object.
2.2.4.1.4 ActiveDirectoryObject/ObjectGuid
The ObjectGuid element specifies the HYPERLINK "[MS-GLOS].pdf" GUID of the ActiveDirectoryObject directory object. GUID is defined in HYPERLINK "[MS-DTYP].pdf" [MS-DTYP] section 2.3.4.
2.2.4.1.5 ActiveDirectoryObject/ObjectTypes
The ObjectTypes element specifies an array of HYPERLINK "[MS-GLOS].pdf" object class strings (the objectClass hierarchy) that form the HYPERLINK "[MS-GLOS].pdf" object class inheritance of the ActiveDirectoryObject directory object.
2.2.4.1.6 ActiveDirectoryObject/ReferenceServer
When the directory service is HYPERLINK "[MS-GLOS].pdf" AD DS, the ReferenceServer element is the HYPERLINK "[MS-GLOS].pdf" fully qualified domain name (FQDN) (1) of the domain for this ActiveDirectoryObject, ActiveDirectoryPrincipal, or ActiveDirectoryGroup directory object. If the directory service is HYPERLINK \l "z1" AD LDS, this element is a string "servername:port", where servername is the name of the AD LDS server hosting the HYPERLINK "[MS-GLOS].pdf" NC for this ActiveDirectoryObject, ActiveDirectoryPrincipal, or ActiveDirectoryGroup directory object, and port is the base-10 representation of the TCP port number that the AD LDS instance is using for LDAP.
2.2.4.2 ActiveDirectoryPrincipal
The ActiveDirectoryPrincipal complex type is an extension of an ActiveDirectoryObject complex type definition (section HYPERLINK \l "zaa68d5aa85d943cca768e4ef54bafbc2" 2.2.4.1), adding a SID element and a SamAccountName element.
2.2.4.2.1 ActiveDirectoryPrincipal/SamAccountName
The SamAccountName element specifies the account name of the principal specified by the ActiveDirectoryPrincipal or ActiveDirectoryGroup directory object.
2.2.4.2.2 ActiveDirectoryPrincipal/SID
The SID element specifies the object security identifier (SID) on the principal specified by the ActiveDirectoryPrincipal or ActiveDirectoryGroup directory object. The SID is encoded in base64Binary format ( HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90610" [XMLSCHEMA2] section 3.2.16).
2.2.4.3 ActiveDirectoryGroup
The ActiveDirectoryGroup complex type extends the ActiveDirectoryPrincipal (section HYPERLINK \l "z79b6b2ff608a4f688fa2f0f1e1988f7c" 2.2.4.2) complex type definition, adding the elements GroupScope and GroupType.
2.2.4.3.1 ActiveDirectoryGroup/GroupScope
The HYPERLINK \l "z44e833d7313d4b59a386e86338d08a3a" GroupScope element contains the Group Scope (Unknown, DomainLocal, Global or Universal; see section HYPERLINK \l "z44e833d7313d4b59a386e86338d08a3a" 2.2.5.1) of the ActiveDirectoryGroup directory object.
2.2.4.3.2 ActiveDirectoryGroup/GroupType
The GroupType element contains the group type (Unknown, Distribution or Security, see section HYPERLINK \l "zb759f8c9b39e467781c3ec9ef57cc990" 2.2.5.2) of the ActiveDirectoryGroup directory object.
2.2.4.4 ArrayOfActiveDirectoryGroup
The ArrayOfActiveDirectoryGroup complex type defines an array of ActiveDirectoryGroup (section HYPERLINK \l "z028f8afdee694c6795a35a3817cdad1c" 2.2.4.3) complex types.
2.2.4.5 ArgumentErrorDetailCA
The ArgumentErrorDetailCA complex type definition SHOULD be used in a SOAP fault to indicate that one or more of the parameters supplied were invalid.
2.2.4.5.1 ArgumentErrorDetailCA/Message
The Message element contains a human-readable error string explaining the nature of the argument error that occurred. HYPERLINK \l "z29" <5> The value of this element is implementation-specific; therefore a client MUST NOT rely on the value.
2.2.4.5.2 ArgumentErrorDetailCA/ParameterName
The ParameterName element contains a human-readable error string containing the name of the argument that caused the error. HYPERLINK \l "z31" <6> The value of this element is implementation-specific; therefore, a client MUST NOT rely on the value.
2.2.4.5.3 ArgumentErrorDetailCA/ShortMessage
The ShortMessage element contains a human-readable error string that explains the nature of the argument error that occurred. HYPERLINK \l "z33" <7> The value of this element is implementation specific; therefore, a client MUST NOT rely on the value.
2.2.4.6 CustomActionFault
The CustomActionFault complex type definition SHOULD be the base type for all Active Directory Web Services: Custom Action Protocol faults.
The ADCAP protocol implementation MUST return only one of the following elements: ArgumentError, DirectoryError, or Error.
2.2.4.6.1 CustomActionFault/ArgumentError
The ArgumentError element SHOULD be used in a SOAP fault to indicate that one or more of the parameters supplied were invalid.
2.2.4.6.2 CustomActionFault/DirectoryError
The DirectoryError element SHOULD be used in a SOAP fault to supply details about the directory error that was returned.
2.2.4.6.3 CustomActionFault/Error
The Error element contains a human-readable error string explaining the nature of the error that occurred. HYPERLINK \l "z35" <8> The value of this element is implementation specific; therefore, a client MUST NOT rely on the value.
2.2.4.6.4 CustomActionFault/ShortError
The ShortError element contains a human-readable error string explaining the nature of the error that occurred. HYPERLINK \l "z37" <9> The value of this element is implementation specific; therefore, a client MUST NOT rely on the value.
2.2.4.7 DirectoryErrorDetailCA
The DirectoryErrorDetailCA complex type definition SHOULD be used in a SOAP fault to supply details about the directory or LDAP error that was returned.
2.2.4.7.1 DirectoryErrorDetailCA/ErrorCode
The ErrorCode element contains a numeric error code, in string form, representing the cause of the error.
2.2.4.7.2 DirectoryErrorDetailCA/ExtendedErrorMessage
The ExtendedErrorMessage element contains a human-readable error string explaining the nature of the error that occurred. The value of this element is implementation-specific; therefore a client MUST NOT rely on the value.
2.2.4.7.3 DirectoryErrorDetailCA/MatchedDN
The MatchedDN element contains an LDAP matchedDN as specified in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90325" [RFC2251].
2.2.4.7.4 DirectoryErrorDetailCA/Message
The Message element contains a human-readable error string that explains the nature of the directory error that occurred. HYPERLINK \l "z39" <10> The value of this element is implementation specific; therefore, a client MUST NOT rely on the value.
2.2.4.7.5 DirectoryErrorDetailCA/Referral
The Referral element contains an LDAP referral HYPERLINK "[MS-GLOS].pdf" URL as specified in HYPERLINK "http://go.microsoft.com/fwlink/?LinkId=90325" [RFC2251].
2.2.4.7.6 DirectoryErrorDetailCA/ShortMessage
The ShortMessage element contains a human-readable error string explaining the nature of the error that occurred. HYPERLINK \l "z41" <11> The value of this element is implementation specific; therefore, a client MUST NOT rely on the value.
2.2.4.7.7 DirectoryErrorDetailCA/Win32ErrorCode
When HYPERLINK \l "z4f0843c9fb2c4c4490833f51b29f9396" DirectoryErrorDetailCA/errorCode (section HYPERLINK \l "z4f0843c9fb2c4c4490833f51b29f9396" 2.2.4.7.1) is an LDAP error code, the Win32ErrorCode element SHOULD contain the Win32 error code ( HYPERLINK "[MS-ERREF].pdf" [MS-ERREF] section 2.2), in string form, translated from the error contained in ErrorCode. HYPERLINK \l "z43" <12> When ErrorCode is a non-LDAP error code, the Win32ErrorCode element SHOULD contain the error contained in ErrorCode.
2.2.4.8 sera:ArrayOfString
The sera:ArrayOfString complex type defines an array of strings.
2.2.5 Simple Types
The following table summarizes the set of common XML schema simple type definitions defined by this specification. XML schema simple type definitions that are specific to a particular operation are described with the operation.
Simple typeDescriptionActiveDirectoryGroupScopeSpecifies the type of the GroupScope element.ActiveDirectoryGroupTypeDefines the allowable types of groups.ActiveDirectoryOperationMasterRoleRepresents the HYPERLINK "[MS-GLOS].pdf" FSMO roles that a directory service may hold.ser:durationDefines a type to express a duration of time.ser:guidDefines a HYPERLINK "[MS-GLOS].pdf" globally unique identifier (GUID) using a pattern.2.2.5.1 ActiveDirectoryGroupScope
This enumeration simple type is used to specify the type of the GroupScope element. It indicates the type of group that is specified in the ActiveDirectoryGroup element.
ValueMeaningUnknownThe group membership is unknown.DomainLocalThe group membership is in a HYPERLINK "[MS-GLOS].pdf" domain local group.GlobalThe group membership is in a HYPERLINK "[MS-GLOS].pdf" global group.UniversalThe group membership is in a HYPERLINK "[MS-GLOS].pdf" universal group.2.2.5.2 ActiveDirectoryGroupType
The ActiveDirectoryGroupType simple type defines the three allowable types of groups (Unknown, Distribution, and Security).
This enumeration simple type is used to specify the type of the HYPERLINK \l "z15172db5cf734746ab55e8e4651169ce" GroupType element. It indicates the type of group that is specified in the HYPERLINK \l "z37d5702437384e81a6adb90930b6c632" ActiveDirectoryGroup element.
ValueMeaningUnknownThe type of group represented is unknown.DistributionThe group does not represent a group of HYPERLINK "[MS-GLOS].pdf" security principals.SecurityThe group represents a group of security principals.2.2.5.3 ActiveDirectoryOperationMasterRole
The ActiveDirectoryOperationMasterRole simple type is an enumeration, representing the FSMO roles that a directory service may hold.
The enumeration values specify a FSMO role, according to the following table.
ValueDescription"PDCEmulator"PDC Emulator FSMO role, per HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.5.4. "RIDMaster" HYPERLINK "[MS-GLOS].pdf" relative identifier (RID) Master FSMO role, per HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.5.3."InfrastructureMaster"Infrastructure Master FSMO role, per HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.5.5."SchemaMaster"Schema Master FSMO role, per HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.5."DomainNamingMaster"Domain Naming Master FSMO role, per HYPERLINK "[MS-ADTS].pdf" [MS-ADTS] section 6.1.5.2.2.2.5.4 ser:duration
The ser:duration simple type defines a type to express a duration of time.
2.2.5.5 ser:guid
The ser:guid simple type defines a GUID using a pattern.
2.2.6 Attributes
This specification does not define any common XML schema HYPERLINK "[MS-GLOS].pdf" attribute definitions.
2.2.7 Groups
This specification does not define any common XML schema group definitions.
2.2.8 Attribute Groups
This specification does not define any common XML schema attribute group definitions.
2.3 Directory Service Schema Elements
The protocol accesses the directory service schema classes and attributes listed in the following table.
For the syntactic specifications of the following or pairs, refer either to:
Active Directory Domain Services (AD DS) ( HYPERLINK "[MS-ADA1].pdf" [MS-ADA1], HYPERLINK "[MS-ADA2].pdf" [MS-ADA2], HYPERLINK "[MS-ADA3].pdf" [MS-ADA3], and HYPERLINK "[MS-ADSC].pdf" [MS-ADSC]).
Or to:
Active Directory Lightweight Directory Services (AD LDS) HYPERLINK "[MS-ADLS].pdf" [MS-ADLS].
ClassAttributecomputerdnsHostName
memberOf
name
objectSID
operatingSystemHotFix
operatingSystem
operatingSystemServicePack
operatingSystemVersion
sAMAccountName
userAccountControlcrossRefdistinguishedName
dnsRoot
Enabled
nETBIOSNAme
ncName
objectGUID
systemFlags
trustParentcrossRefContainerfSMORoleOwner
msDS-Behavior-Version
msDS-SPNSuffixes
uPNSuffixesdMDfSMORoleOwnerdomainDNSdistinguishedName
fSMORoleOwner
gpLink
msDS-AllowedDNSSuffixes
msDS-Behavior-Version
msDS-LogonTimeSyncInterval
managedBy
name
objectSID
objectClass
rIDManagerReference
subRefs
wellKnownObjectsforeignSecurityPrincipalobjectSIDgroupgroupType
member
memberOf
name
objectSID
sAMAccountNameinetOrgPersonunicodePwd
userPasswordinfrastructureUpdatefSMORoleOwnernTDSDSAdistinguishedName
invocationId
msDS-hasDomainNCs
msDS-hasMasterNCs
msDS-hasFullReplicaNCs
hasPartialReplicaNCs
msDS-PortLDAP
msDS-PortSSL
name
objectCategory
optionsrIDManagerfSMORoleOwnerrootDSEbecomeDomainMaster
becomeInfrastructureMaster
becomePdc
becomeRidMaster
becomeSchemaMaster
defaultNamingContext
disableOptionalFeature
enableOptionalFeature
isGlobalCatalogReady
supportedCapabilities HYPERLINK \l "z45" <13>serverdistinguishedName
dnsHostName
objectGUID
serverReferencesitecnusername
memberOf
objectSID
primaryGroupID
sAMAccountName
userPassword
unicodePwd3 Protocol Details
The following sections describe the behavior of the Active Directory Web Services: Custom Action Protocol. This protocol follows a client-server model, in which a client sends a SOAP message containing a request (a HYPERLINK \l "ze61e20d431b5449abac4fcf00c6a40d4" ChangePassword, HYPERLINK \l "z3501d61e43c7499ba5966c261124e008" GetADGroupMember, HYPERLINK \l "zccc9e806edfd4d2b852ee920677690e9" GetADPrincipalAuthorizationGroup, HYPERLINK \l "z3528e43c5174412a82df5c137007db28" GetADPrincipalGroupMembership, HYPERLINK \l "zb2fc9377db93490298d77d73bd273f8a" SetPassword, HYPERLINK \l "zc8ccad94b8cd4ff09a7c03d580d98e9f" TranslateName, HYPERLINK \l "z6c6309c0a750465c9ae84336413ad85f" ChangeOptionalFeature, HYPERLINK \l "z78f447e53a264de5b8cc7f7b33a7f336" GetADDomain, HYPERLINK \l "z3c9b9f1d655d43a2a2319ba53fdf93b8" GetADDomainController, HYPERLINK \l "zc9b1878a58124e6e810e08fc32b73b0b" GetADForest, HYPERLINK \l "z5d710be816e1411ca9170c8dcce68f64" GetVersion, or HYPERLINK \l "z14ae436e7eb34d159644697fef649d49" MoveADOperationMasterRole operation) to the server, and the server responds with a SOAP message containing the response (or a SOAP fault, if an error occurred during server processing). HYPERLINK \l "z47" <14>
In the following sections, the operations are grouped by the two HYPERLINK "[MS-GLOS].pdf" WSDL port types to which they apply, the AccountManagement (section HYPERLINK \l "z51e35971336a43f19f31ce4ba7ce475b" 3.3) port type (on which ChangePassword, GetADGroupMember, GetADPrincipalAuthorizationGroup, GetADPrincipalGroupMembership, SetPassword and TranslateName operations are processed) and the TopologyManagement (section HYPERLINK \l "z81c0507746214240ae373e06cf8a294f" 3.4) port type (on which ChangeOptionalFeature, GetADDomain, GetADDomainController, GetADForest, GetVersion and MoveADOperationMasterRole operations are processed). Prior to discussing the operation-specific behaviors associated with each port type, a common server processing section is included that contains protocol details common to all operations on all port types.
The client side of this protocol is simply a pass-through. That is, no additional timers or other state is required on the client side of this protocol. Calls made by the higher-layer protocol or application are passed directly to the transport, and the results returned by the transport are passed directly back to the higher-layer protocol or application.
3.1 Common Server Processing and Notational Conventions
This section describes processing that is common to all operations on all port types. Specifically, it discusses the SOAP header that is included by clients on SOAP messages to identity Active Directory Web Services: Custom Action Protocol requests. It also documents the abstract data model and initialization procedure common to all port types.
If e is an ele m e n t , t h e n t h e f o l l o w i n g l i s t d e f i n e s c o m m o n s t a t e s o f t h e v a l u e o f e :
E m p t y : T h e s t r i n g " <