Microsoft KB Archive/219005

= Windows 2000: LDAPv3 RootDSE =

Article ID: 219005

Article Last Modified on 2/23/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q219005





SUMMARY
The RootDSE (root DSA-specific entry) is a standard entry defined by the LDAPv3 specification. It sits at the root of the directory tree on a given server and holds information about that server, including its capabilities and configuration. A search of the RootDSE returns a standard set of attributes defined in the following RFC:

RFC 2251 - Lightweight Directory Access Protocol (v3)



MORE INFORMATION
The LDAP protocol assumes there are one or more servers that jointly provide access to a Directory Information Tree (DIT). At the root of the DIT is a DSA-specific Entry (DSE) that is not part of any naming context. Each server publishes its own attribute values in its root DSE. (DSA is the X.500 term for the directory server.)

The root DSE (DSA-specific Entry) is retrieved from an LDAPv3 server with a base-scope search whose BaseDN is the empty string (the null DN) and whose filter is (objectClass=*). The root DSE publishes information about the LDAP server: the LDAP protocol versions it supports, the SASL mechanisms it accepts, the controls it supports, and the DN of its subschemaSubentry. In addition to this server information, operational attributes may be exposed that allow extended administration functionality. Active Directory permits this read without a bind, so the RootDSE is typically the first thing an unauthenticated client (or an attacker enumerating a domain controller) learns about a server.

For more information on this LDAPv3 requirement, see Section 3.4 of RFC 2251. The rest of this article discusses the attributes exposed in the Active Directory RootDSE.

Section 5.2 of RFC 2252 defines a set of root DSE attributes that LDAPv3 servers should publish when they support them. In addition, Section 3.4 of RFC 2251 adds subschemaSubentry, making a total of seven standard attributes published in the root DSE of an LDAPv3 server.

These core attributes are defined as follows:


 * namingContexts: The values of this attribute correspond to naming contexts which this server masters or shadows. If the server believes it contains the entire directory, the attribute will have a single value, and that value will be the empty string (indicating the null DN of the root). This attribute will allow a client to choose suitable base objects for searching when it has contacted a server.
 * subschemaSubentry: The value of this attribute is the name of a subschema entry (or subentry if the server is based on X.500(93)) in which the server makes available attributes specifying the schema. Supported attributes are exposed in the attributeTypes property and supported classes in the objectClasses property. The subschemaSubentry property and subschema are defined in LDAPv3 (RFC 2251).
 * altServer: The values of this attribute are URLs of other servers that may be contacted when this server becomes unavailable. If the server does not know of any other servers that could be used, this attribute will be absent. Clients may cache this information in case their preferred LDAP server later becomes unavailable.
 * supportedExtension: The values of this attribute are Object Identifiers (OIDs) identifying the supported extended operations which the server supports. If the server does not support any extensions, this attribute will be absent.
 * supportedControl: The values of this attribute are the Object Identifiers (OIDs) identifying controls that the server supports. If the server does not support any controls, this attribute will be absent.
 * supportedSASLMechanisms: The values of this attribute are the names of the SASL mechanisms the server supports. If the server does not support any mechanisms, this attribute will be absent. By default, Active Directory publishes GSSAPI (Kerberos) and GSS-SPNEGO, as the trace below shows.
 * supportedLDAPVersion: The values of this attribute are the versions of the LDAP protocol that the server implements.

In addition, Active Directory supports the following 'informational' attributes:


 * currentTime: The server's current time in UTC ('Zulu' time), as a generalized time string of the form YYYYMMDDhhmmss.0Z (24-hour clock), for example 19990315231515.0Z.
 * dsServiceName: DN of the NTDS Settings object for this DC, located under its server object in the Configuration container.
 * defaultNamingContext: The default naming context (NC) for this server: the DN of the domain of which this DC is a member.
 * schemaNamingContext: DN of the enterprise (forest-wide) Schema naming context.
 * configurationNamingContext: DN of the enterprise Configuration naming context.
 * rootDomainNamingContext: DN of the forest root domain (the first domain created in the forest). On a DC in a child domain this differs from defaultNamingContext; in a single-domain forest, as in the trace below, the two are the same.
 * supportedLDAPPolicies: Names of the LDAP administrative limits (query policies) this server enforces, such as MaxPageSize and MaxConnections.
 * highestCommittedUSN: Highest update sequence number (USN) committed to the database on this server.
 * dnsHostName: The DNS name of this DC.
 * ldapServiceName: Service Principal Name (SPN) of the LDAP service, in the form dnsdomain:computeraccount$@REALM. Clients use it for Kerberos mutual authentication.
 * serverName: DN of the server object for this directory server as defined in the Configuration container.
 * supportedCapabilities: The values of this attribute are OBJECT IDENTIFIERs (OIDs) identifying the supported capabilities of the server.
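As an added example (not code from the KB article), the following Python derives from a RootDSE read the facts a reviewer usually wants: which namingContexts value is the domain, configuration and schema partition, whether the DC sits in the forest root domain, whether LDAPv2 is still accepted, which SASL mechanisms are offered, whether the published SPN describes the same machine as dnsHostName, and whether the server clock is inside the Kerberos skew window. The SAMPLE_ROOTDSE dictionary is constructed from the values in this article's trace; the function names are this example's own.

```python
# Added example (not from the KB article): interpret a RootDSE read.
# SAMPLE_ROOTDSE is constructed from the trace in the article; helper names are ours.
from datetime import datetime, timezone

# Constructed sample: the RootDSE of rthomdc.lcdom.com as shown in the trace.
SAMPLE_ROOTDSE = {
    "currentTime": ["19990315231515.0Z"],
    "subschemaSubentry": ["CN=Aggregate,CN=Schema,CN=Configuration,DC=lcdom,DC=com"],
    "dsServiceName": ["CN=NTDS Settings,CN=RTHOMDC,CN=Servers,CN=Sites,CN=Configuration,DC=lcdom,DC=com"],
    "namingContexts": ["CN=Schema,CN=Configuration,DC=lcdom,DC=com",
                       "CN=Configuration,DC=lcdom,DC=com", "DC=lcdom,DC=com"],
    "defaultNamingContext": ["DC=lcdom,DC=com"],
    "schemaNamingContext": ["CN=Schema,CN=Configuration,DC=lcdom,DC=com"],
    "configurationNamingContext": ["CN=Configuration,DC=lcdom,DC=com"],
    "rootDomainNamingContext": ["DC=lcdom,DC=com"],
    "supportedLDAPVersion": ["3", "2"],
    "supportedSASLMechanisms": ["GSSAPI", "GSS-SPNEGO"],
    "dnsHostName": ["RTHOMDC.lcdom.com"],
    "ldapServiceName": ["lcdom.com:RTHOMDC$@LCDOM.COM"],
    "serverName": ["CN=RTHOMDC,CN=Servers,CN=Sites,CN=Configuration,DC=lcdom,DC=com"],
}


def parse_current_time(value):
    """Parse the currentTime format YYYYMMDDhhmmss.fZ into an aware UTC datetime."""
    if not value.endswith("Z"):
        raise ValueError("currentTime is always published in Zulu (UTC) time")
    main = value[:-1].split(".", 1)[0]          # drop the fractional part and the 'Z'
    return datetime.strptime(main, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_ldap_service_name(value):
    """Split 'dnsdomain:account$@REALM' (the form seen in the trace) into its parts."""
    dns_domain, sep, principal = value.partition(":")
    account, at, realm = principal.rpartition("@")
    if not (sep and at and account.endswith("$")):
        raise ValueError("unexpected ldapServiceName form: %r" % value)
    return {"dns_domain": dns_domain, "account": account, "realm": realm}


def classify_naming_contexts(attrs):
    """Label each namingContexts value so a client can pick a base DN (RFC 2251 3.4)."""
    schema = attrs["schemaNamingContext"][0].lower()
    config = attrs["configurationNamingContext"][0].lower()
    default = attrs["defaultNamingContext"][0].lower()
    labels = {}
    for nc in attrs["namingContexts"]:
        key = nc.lower()
        labels[nc] = ("schema" if key == schema else "configuration" if key == config
                      else "domain" if key == default else "other")
    return labels


def summarize_rootdse(attrs, now):
    """Derive review facts from a RootDSE read; 'now' is the reader's own UTC clock."""
    def one(name):
        return attrs[name][0]

    spn = parse_ldap_service_name(one("ldapServiceName"))
    host = one("dnsHostName")
    skew = (parse_current_time(one("currentTime")) - now).total_seconds()
    return {
        "default_base": one("defaultNamingContext"),
        "naming_contexts": classify_naming_contexts(attrs),
        # defaultNamingContext == rootDomainNamingContext only on DCs of the forest root domain
        "is_forest_root_dc": one("defaultNamingContext").lower() == one("rootDomainNamingContext").lower(),
        "ldapv2_accepted": "2" in attrs.get("supportedLDAPVersion", []),
        "sasl_mechanisms": attrs.get("supportedSASLMechanisms", []),
        "kerberos_realm": spn["realm"],
        # the SPN's computer account and the DNS host label must name the same machine
        "spn_matches_host": spn["account"].rstrip("$").lower() == host.split(".")[0].lower(),
        "clock_skew_seconds": skew,
        # Kerberos rejects tickets outside its default 5-minute clock-skew window
        "kerberos_skew_ok": abs(skew) <= 300,
    }


if __name__ == "__main__":
    for key, val in summarize_rootdse(SAMPLE_ROOTDSE, datetime.now(timezone.utc)).items():
        print(key, val)
```

Run against a live read, the clock-skew figure is the one to look at first: a DC more than five minutes away from the client's clock will fail every GSSAPI bind, and the RootDSE is the only place to see that without authenticating.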

Below is a network trace of a search request to the domain lcdom.com. The domain controller is named rthomdc.lcdom.com. The transport layer and lower-level protocols have been removed for clarity.

Search on RootDSE:

    LDAP: ProtocolOp: SearchRequest (3)
        LDAP: MessageID
        LDAP: ProtocolOp = SearchRequest
        LDAP: Base Object =
        LDAP: Scope = Base Object
        LDAP: Deref Aliases = Never Deref Aliases
        LDAP: Size Limit = No Limit
        LDAP: Time Limit = No Limit
        LDAP: Attrs Only = 0 (0x0)
        LDAP: Filter Type = Present
        LDAP: Attribute Type = objectClass

SearchResponse of RootDSE:

    LDAP: ProtocolOp: SearchResponse (4)
        LDAP: MessageID
        LDAP: ProtocolOp = SearchResponse
        LDAP: Object Name =
        LDAP: Attribute Type = currentTime
        LDAP: Attribute Value = 19990315231515.0Z
        LDAP: Attribute Type = subschemaSubentry
        LDAP: Attribute Value = CN=Aggregate,CN=Schema,CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Type = dsServiceName
        LDAP: Attribute Value = CN=NTDS Settings, CN=RTHOMDC,CN=Servers,CN=Sites,CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Type = namingContexts
        LDAP: Attribute Value = CN=Schema,CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Value = CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Value = DC=lcdom,DC=com
        LDAP: Attribute Type = defaultNamingContext
        LDAP: Attribute Value = DC=lcdom,DC=com
        LDAP: Attribute Type = schemaNamingContext
        LDAP: Attribute Value = CN=Schema,CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Type = configurationNamingContext
        LDAP: Attribute Value = CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Type = rootDomainNamingContext
        LDAP: Attribute Value = DC=lcdom,DC=com
        LDAP: Attribute Type = supportedControl
        LDAP: Attribute Value = 1.2.840.113556.1.4.319
        LDAP: Attribute Value = 1.2.840.113556.1.4.801
        LDAP: Attribute Value = 1.2.840.113556.1.4.473
        LDAP: Attribute Value = 1.2.840.113556.1.4.528
        LDAP: Attribute Value = 1.2.840.113556.1.4.417
        LDAP: Attribute Value = 1.2.840.113556.1.4.619
        LDAP: Attribute Value = 1.2.840.113556.1.4.841
        LDAP: Attribute Value = 1.2.840.113556.1.4.529
        LDAP: Attribute Value = 1.2.840.113556.1.4.805
        LDAP: Attribute Value = 1.2.840.113556.1.4.521
        LDAP: Attribute Value = 1.2.840.113556.1.4.970
        LDAP: Attribute Value = 1.2.840.113556.1.4.1338
        LDAP: Attribute Value = 1.2.840.113556.1.4.474
        LDAP: Attribute Value = 1.2.840.113556.1.4.1339
        LDAP: Attribute Type = supportedLDAPVersion
        LDAP: Attribute Value = 3
        LDAP: Attribute Value = 2
        LDAP: Attribute Type = supportedLDAPPolicies
        LDAP: Attribute Value = InitRecvTimeout
        LDAP: Attribute Value = MaxConnections
        LDAP: Attribute Value = MaxConnIdleTime
        LDAP: Attribute Value = MaxActiveQueries
        LDAP: Attribute Value = MaxNotificationPerConn
        LDAP: Attribute Value = MaxPageSize
        LDAP: Attribute Value = MaxQueryDuration
        LDAP: Attribute Value = MaxTempTableSize
        LDAP: Attribute Value = MaxResultSetSize
        LDAP: Attribute Value = MaxPoolThreads
        LDAP: Attribute Value = MaxDatagramRecv
        LDAP: Attribute Type = highestCommittedUSN
        LDAP: Attribute Value = 17878
        LDAP: Attribute Type = supportedSASLMechanisms
        LDAP: Attribute Value = GSSAPI
        LDAP: Attribute Value = GSS-SPNEGO
        LDAP: Attribute Type = dnsHostName
        LDAP: Attribute Value = RTHOMDC.lcdom.com
        LDAP: Attribute Type = ldapServiceName
        LDAP: Attribute Value = lcdom.com:RTHOMDC$@LCDOM.COM
        LDAP: Attribute Type = serverName
        LDAP: Attribute Value = CN=RTHOMDC,CN=Servers,CN=Sites,CN=Configuration,DC=lcdom,DC=com
        LDAP: Attribute Type = supportedCapabilities
        LDAP: Attribute Value = 1.2.840.113556.1.4.800
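As an added example (not code from the KB article), the exchange in the trace above built by hand: a minimal BER encoder produces the exact SearchRequest bytes the trace describes (null base DN, base scope, no limits, filter present objectClass, no attribute list), a decoder parses SearchResultEntry messages back into an attribute dictionary, and query_rootdse sends the request to a live server and reads replies until SearchResultDone. The helper names are this example's own; SAMPLE_RESPONSE is a response constructed from the trace's values, not a captured packet; query_rootdse assumes TCP port 389 is reachable and that the server permits an anonymous RootDSE read, which Active Directory does by default.

```python
# Added example (not from the KB article): the RootDSE search on the wire, built with
# minimal BER helpers. Helper names and SAMPLE_RESPONSE are this example's own.
import socket

SEQUENCE, SET, INTEGER, OCTET_STRING, ENUMERATED, BOOLEAN = 0x30, 0x31, 0x02, 0x04, 0x0A, 0x01
SEARCH_REQUEST, SEARCH_RESULT_ENTRY, SEARCH_RESULT_DONE = 0x63, 0x64, 0x65  # [APPLICATION 3/4/5]
FILTER_PRESENT = 0x87  # Filter CHOICE [7] present, primitive context tag


def _length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def ber_int(value, tag=INTEGER):
    """Non-negative INTEGER/ENUMERATED, sized so the sign bit is always clear."""
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_rootdse_search(message_id=1):
    """SearchRequest with null base DN, base scope and (objectClass=*), as in the trace."""
    body = (tlv(OCTET_STRING, b"")           # baseObject "" -> the root DSE
            + ber_int(0, ENUMERATED)         # scope: baseObject
            + ber_int(0, ENUMERATED)         # derefAliases: neverDerefAliases
            + ber_int(0) + ber_int(0)        # sizeLimit, timeLimit: no limit
            + tlv(BOOLEAN, b"\x00")          # typesOnly: FALSE
            + tlv(FILTER_PRESENT, b"objectClass")
            + tlv(SEQUENCE, b""))            # attributes: none listed -> all user attributes
    return tlv(SEQUENCE, ber_int(message_id) + tlv(SEARCH_REQUEST, body))


def read_tlv(buf, pos=0):
    """Decode one TLV at pos; returns (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def read_children(body):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out


def parse_ldap_message(msg):
    """LDAPMessage -> (messageID, protocolOp tag, protocolOp body); controls are ignored."""
    tag, body, _ = read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    (_, mid), (op_tag, op) = read_children(body)[:2]
    return int.from_bytes(mid, "big", signed=True), op_tag, op


def parse_search_entry(op):
    """SearchResultEntry body -> (objectName, {attribute: [values]})."""
    (_, dn), (_, attr_list) = read_children(op)
    attrs = {}
    for _, attr in read_children(attr_list):
        (_, atype), (_, vals) = read_children(attr)
        attrs[atype.decode()] = [v.decode("utf-8", "replace") for _, v in read_children(vals)]
    return dn.decode(), attrs


def build_search_entry(message_id, dn, attrs):
    """Encode a SearchResultEntry; used here only to construct a trace-like response."""
    pal = b"".join(tlv(SEQUENCE, tlv(OCTET_STRING, name.encode())
                       + tlv(SET, b"".join(tlv(OCTET_STRING, v.encode()) for v in vals)))
                   for name, vals in attrs.items())
    return tlv(SEQUENCE, ber_int(message_id)
               + tlv(SEARCH_RESULT_ENTRY, tlv(OCTET_STRING, dn.encode()) + tlv(SEQUENCE, pal)))


def _recv_message(sock):
    """Read exactly one BER-framed LDAPMessage from a socket."""
    def exact(n):
        data = b""
        while len(data) < n:
            chunk = sock.recv(n - len(data))
            if not chunk:
                raise ConnectionError("peer closed connection mid-message")
            data += chunk
        return data
    head = exact(2)
    length = head[1]
    if length & 0x80:
        more = exact(length & 0x7F)
        head, length = head + more, int.from_bytes(more, "big")
    return head + exact(length)


def query_rootdse(host, port=389, timeout=5.0):
    """Anonymous RootDSE read against a live server (no bind; AD allows this by default)."""
    attrs = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_rootdse_search(1))
        while True:
            _, op_tag, op = parse_ldap_message(_recv_message(sock))
            if op_tag == SEARCH_RESULT_ENTRY:
                attrs.update(parse_search_entry(op)[1])
            elif op_tag == SEARCH_RESULT_DONE:
                return attrs


# Constructed response carrying a subset of the trace's values (not a captured packet).
SAMPLE_RESPONSE = build_search_entry(1, "", {
    "currentTime": ["19990315231515.0Z"],
    "namingContexts": ["CN=Schema,CN=Configuration,DC=lcdom,DC=com",
                       "CN=Configuration,DC=lcdom,DC=com", "DC=lcdom,DC=com"],
    "supportedLDAPVersion": ["3", "2"],
    "supportedSASLMechanisms": ["GSSAPI", "GSS-SPNEGO"],
    "ldapServiceName": ["lcdom.com:RTHOMDC$@LCDOM.COM"],
})
```

The request is 39 bytes; comparing build_rootdse_search(1).hex() against a packet capture of ldp.exe or any other client is a quick way to confirm a tool is really doing the base-scope null-DN search rather than something broader. The object name in the reply is the empty string, which is why client libraries report the RootDSE with a blank DN.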

Additional query words: rfc2251

Keywords: kbinfo KB219005

-


© Microsoft Corporation. All rights reserved.