[MS-ADTS-Diff]: Active Directory Technical Specification


Intellectual Property Rights Notice for Open Specifications Documentation

Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.

Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.

No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.

Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.

Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.

Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.

Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.

1 / 629 [MS-ADTS-Diff] - v20170316 Active Directory Technical Specification Copyright 2017 Microsoft Corporation Release: March 16, 2017

| Date | Revision | Class | Comments |
|---|---|---|---|
| 2/2007 | 0.01 | New | Version 0.01 release |
| 6/1/2007 | 1.0 | Major | Included non-native content. |
| 7/3/2007 | 1.0.1 | Editorial | Changed language and formatting in the technical content. |
| 7/20/2007 | 1.0.2 | Editorial | Changed language and formatting in the technical content. |
| 8/10/2007 | 1.0.3 | Editorial | Changed language and formatting in the technical content. |
| 9/28/2007 | 2.0 | Major | Adjusted bitfield diagrams for byte ordering; added bitflags. |
| 10/23/2007 | 2.1 | Minor | Clarified the meaning of the technical content. |
| 11/30/2007 | 2.2 | Minor | Clarified the meaning of the technical content. |
| 1/25/2008 | 3.0 | Major | Updated and revised the technical content. |
| 3/14/2008 | 3.1 | Minor | Deleted hexadecimal representations of little-endian bitflags. |
| 5/16/2008 | 4.0 | Major | Updated and revised the technical content. |
| 6/20/2008 | 5.0 | Major | Updated and revised the technical content. |
| 7/25/2008 | 6.0 | Major | Updated and revised the technical content. |
| 8/29/2008 | 7.0 | Major | Updated and revised the technical content. |
| 10/24/2008 | 8.0 | Major | Updated and revised the technical content. |
| 12/5/2008 | 9.0 | Major | Updated and revised the technical content. |
| 1/16/2009 | 10.0 | Major | Updated and revised the technical content. |
| 2/27/2009 | 11.0 | Major | Updated and revised the technical content. |
| 4/10/2009 | 12.0 | Major | Updated and revised the technical content. |
| 5/22/2009 | 13.0 | Major | Updated and revised the technical content. |
| 7/2/2009 | 14.0 | Major | Updated and revised the technical content. |
| 8/14/2009 | 15.0 | Major | Updated and revised the technical content. |
| 9/25/2009 | 16.0 | Major | Updated and revised the technical content. |
| 11/6/2009 | 17.0 | Major | Updated and revised the technical content. |
| 12/18/2009 | 18.0 | Major | Updated and revised the technical content. |
| 1/29/2010 | 19.0 | Major | Updated and revised the technical content. |
| 3/12/2010 | 20.0 | Major | Updated and revised the technical content. |
| 4/23/2010 | 21.0 | Major | Updated and revised the technical content. |
| 6/4/2010 | 22.0 | Major | Updated and revised the technical content. |
| | 3.0 | Major | Updated and revised the technical content. |
| 8/27/2010 | 24.0 | Major | Updated and revised the technical content. |
| 10/8/2010 | 25.0 | Major | Updated and revised the technical content. |
| 11/19/2010 | 26.0 | Major | Updated and revised the technical content. |
| 1/7/2011 | 27.0 | Major | Updated and revised the technical content. |
| 2/11/2011 | 28.0 | Major | Updated and revised the technical content. |
| 3/25/2011 | 29.0 | Major | Updated and revised the technical content. |
| 5/6/2011 | 30.0 | Major | Updated and revised the technical content. |
| 6/17/2011 | 30.1 | Minor | Clarified the meaning of the technical content. |
| 9/23/2011 | 31.0 | Major | Updated and revised the technical content. |
| 12/16/2011 | 32.0 | Major | Updated and revised the technical content. |
| 3/30/2012 | 33.0 | Major | Updated and revised the technical content. |
| 7/12/2012 | 34.0 | Major | Updated and revised the technical content. |
| 10/25/2012 | 35.0 | Major | Updated and revised the technical content. |
| 1/31/2013 | 36.0 | Major | Updated and revised the technical content. |
| 8/8/2013 | 37.0 | Major | Updated and revised the technical content. |
| 11/14/2013 | 38.0 | Major | Updated and revised the technical content. |
| 2/13/2014 | 39.0 | Major | Updated and revised the technical content. |
| 5/15/2014 | 40.0 | Major | Updated and revised the technical content. |
| 6/30/2015 | 41.0 | Major | Significantly changed the technical content. |
| 10/16/2015 | 42.0 | Major | Significantly changed the technical content. |
| 7/14/2016 | 43.0 | Major | Significantly changed the technical content. |
| 3/16/2017 | 44.0 | Major | Significantly changed the technical content. |

Table of Contents

1 Introduction
1.1 Glossary
1.2 References
1.2.1 Normative References
1.2.2 Informative References
1.3 Overview
1.4 Relationship to Other Protocols
1.5 Prerequisites/Preconditions
1.6 Applicability Statement
1.7 Versioning and Capability Negotiation
1.8 Vendor-Extensible Fields
1.9 Standards Assignments
2 Messages
2.1 Transport
2.2 Message Syntax
2.2.1 LCID-Locale Mapping Table
2.2.2 DS_REPL_NEIGHBORW_BLOB
2.2.3 DS_REPL_KCC_DSA_FAILUREW_BLOB
2.2.4 DS_REPL_OPW_BLOB
2.2.5 DS_REPL_QUEUE_STATISTICSW_BLOB
2.2.6 DS_REPL_CURSOR_BLOB
2.2.7 DS_REPL_ATTR_META_DATA_BLOB
2.2.8 DS_REPL_VALUE_META_DATA_BLOB
2.2.9 Search Flags
2.2.10 System Flags
2.2.11 schemaFlagsEx Flags
2.2.12 Group Type Flags
2.2.13 Group Security Flags
2.2.14 Security Privilege Flags
2.2.15 Domain RID Values
2.2.16 userAccountControl Bits
2.2.17 Optional Feature Values
2.2.18 Claims Wire Structures
2.2.18.1 CLAIM_ID
2.2.18.2 CLAIM_TYPE
2.2.18.3 CLAIMS_SOURCE_TYPE
2.2.18.4 CLAIMS_COMPRESSION_FORMAT
2.2.18.5 CLAIM_ENTRY
2.2.18.6 CLAIMS_ARRAY
2.2.18.7 CLAIMS_SET
2.2.18.8 CLAIMS_SET_METADATA
2.2.18.9 CLAIMS_BLOB
2.2.19 MSDS-MANAGEDPASSWORD_BLOB
2.2.20 Key Credential Link Structures
2.2.20.1 Key Credential Link Constants
2.2.20.2 KEYCREDENTIALLINK_BLOB
2.2.20.3 KEYCREDENTIALLINK_ENTRY
2.2.20.4 CUSTOM_KEY_INFORMATION
2.2.20.5 KEYCREDENTIALLINK_ENTRY Identifiers
2.2.21 Service Principal Name
3 Details
3.1 Common Details
3.1.1 Abstract Data Model
3.1.1.1 State Model
3.1.1.1.1 Scope
3.1.1.1.2 State Modeling Primitives and Notational Conventions
3.1.1.1.3 Basics, objectGUID, and Special Attribute Behavior
3.1.1.1.4 objectClass, RDN, DN, Constructed Attributes, Secret Attributes
3.1.1.1.5 NC, NC Replica
3.1.1.1.5.1 Tombstone Lifetime and Deleted-Object Lifetime
3.1.1.1.6 Attribute Syntaxes, Object References, Referential Integrity, and Well-Known Objects
3.1.1.1.7 Forest, Canonical Name
3.1.1.1.8 GC
3.1.1.1.
