Documentation
Overview
The adts package implements the ADTS client protocol.
Introduction
This is the primary specification for Active Directory, both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). When the specification does not refer specifically to AD DS or AD LDS, it applies to both. The state model for this specification is prerequisite to the other specifications for Active Directory: [MS-DRSR] and [MS-SRPL].
When no operating system version information is specified, information in this document applies to all relevant versions of Windows. Similarly, when no DC functional level is specified, information in this document applies to all DC functional levels.
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.
Overview
This is the primary specification for Active Directory. The state model for this specification is prerequisite to the other specifications for Active Directory: [MS-DRSR] and [MS-SRPL].
Active Directory is either deployed as AD DS or as AD LDS. This document describes both forms. When the specification does not refer specifically to AD DS or AD LDS, it applies to both.
The remainder of this section describes the structure of this document.
The basic state model is specified in section 3.1.1.1. The basic state model is prerequisite to the remainder of the document. Section 3.1.1.1 also includes descriptive content to introduce key concepts and refer to places in the document where the full specification is given.
The schema completes the state model and is specified in section 3.1.1.2. The schema is prerequisite to the remainder of the document.
Active Directory is a server for LDAP. Section 3.1.1.3 specifies the extensions and variations of LDAP that are supported by Active Directory.
LDAP is an access protocol that determines very little about the behavior of the data being accessed. Section 3.1.1.4 specifies read (LDAP Search) behaviors, and section 3.1.1.5 specifies update (LDAP Add, Modify, Modify DN, Delete) behaviors. Section 3.1.1.6 specifies background tasks required due to write operations, to the extent that those tasks are exposed by protocols.
One of the update behaviors is the maintenance of the change log for use by Windows NT 4.0 operating system backup domain controller (BDC) replication [MS-NRPC] section 3.6. The maintenance of this change log is specified in section 3.1.1.7.
The security services that Active Directory offers clients of LDAP are specified in section 5.1.
Active Directory contains a number of objects, visible through LDAP, that have special significance to the system. Section 6.1 specifies these objects.
A server running Active Directory is part of a distributed system that performs replication. The Knowledge Consistency Checker (KCC) is a component that is used to create spanning trees for DC-to-DC replication and is specified in section 6.2.
A server running Active Directory is responsible for publishing the services that it offers, in order to eliminate the administrative burden of configuring clients to use particular servers running Active Directory. A server running Active Directory also implements the server side of the LDAP ping and mailslot ping protocols to aid clients in selecting among all the servers offering the same service. Section 6.3 specifies how a server running Active Directory publishes its services, and how a client needing some service can use this publication plus the LDAP ping or mailslot ping to locate a suitable server.
Computers in a network with Active Directory can be put into a state called "domain joined"; when in this state, the computer can authenticate itself. Section 6.4 specifies both the state in Active Directory and the state on a computer required for the domain joined state.
Each type of data stored in Active Directory has an associated function that compares two values to determine if they are equal and, if not, which is greater. Section 3.1.1.2 specifies all but one of these functions; the methodology for comparing two Unicode strings is specified in section 6.5.
Index
- Variables
- type CypherBlock
- type DomainGroupMembership
- type GroupMembership
- type KerberosSIDAndAttributes
- type KerberosValidationInfo
- type NTLMSupplementalCredential
- type PACClientClaimsInfo
- type PACClientInfo
- type PACCredentialData
- type PACCredentialInfo
- type PACDeviceClaimsInfo
- type PACDeviceInfo
- type PACInfoBuffer
- type PACType
- type S4UDelegationInfo
- type SecurityPackageSupplementalCred
- type UPNDNSInfo
- type UserSessionKey
Constants
This section is empty.
Variables
var (
	// import guard
	GoPackage = "adts"
)
Functions
This section is empty.
Types
type CypherBlock
type CypherBlock struct {
	Data []byte `idl:"name:data" json:"data"`
}
CypherBlock structure represents CYPHER_BLOCK RPC structure.
func (*CypherBlock) MarshalNDR
func (*CypherBlock) UnmarshalNDR
type DomainGroupMembership
type DomainGroupMembership struct {
	DomainID   *dtyp.SID          `idl:"name:DomainId" json:"domain_id"`
	GroupCount uint32             `idl:"name:GroupCount" json:"group_count"`
	GroupIDs   []*GroupMembership `idl:"name:GroupIds;size_is:(GroupCount)" json:"group_ids"`
}
DomainGroupMembership structure represents DOMAIN_GROUP_MEMBERSHIP RPC structure.
func (*DomainGroupMembership) MarshalNDR
func (*DomainGroupMembership) UnmarshalNDR
type GroupMembership
type GroupMembership struct {
	RelativeID uint32 `idl:"name:RelativeId" json:"relative_id"`
	Attributes uint32 `idl:"name:Attributes" json:"attributes"`
}
GroupMembership structure represents GROUP_MEMBERSHIP RPC structure.
func (*GroupMembership) MarshalNDR
func (*GroupMembership) UnmarshalNDR
type KerberosSIDAndAttributes
type KerberosSIDAndAttributes struct {
	SID        *dtyp.SID `idl:"name:Sid" json:"sid"`
	Attributes uint32    `idl:"name:Attributes" json:"attributes"`
}
KerberosSIDAndAttributes structure represents KERB_SID_AND_ATTRIBUTES RPC structure.
func (*KerberosSIDAndAttributes) MarshalNDR
func (*KerberosSIDAndAttributes) UnmarshalNDR
type KerberosValidationInfo
type KerberosValidationInfo struct {
	LogonTime              *dtyp.Filetime              `idl:"name:LogonTime" json:"logon_time"`
	LogoffTime             *dtyp.Filetime              `idl:"name:LogoffTime" json:"logoff_time"`
	KickOffTime            *dtyp.Filetime              `idl:"name:KickOffTime" json:"kick_off_time"`
	PasswordLastSet        *dtyp.Filetime              `idl:"name:PasswordLastSet" json:"password_last_set"`
	PasswordCanChange      *dtyp.Filetime              `idl:"name:PasswordCanChange" json:"password_can_change"`
	PasswordMustChange     *dtyp.Filetime              `idl:"name:PasswordMustChange" json:"password_must_change"`
	EffectiveName          *dtyp.UnicodeString         `idl:"name:EffectiveName" json:"effective_name"`
	FullName               *dtyp.UnicodeString         `idl:"name:FullName" json:"full_name"`
	LogonScript            *dtyp.UnicodeString         `idl:"name:LogonScript" json:"logon_script"`
	ProfilePath            *dtyp.UnicodeString         `idl:"name:ProfilePath" json:"profile_path"`
	HomeDirectory          *dtyp.UnicodeString         `idl:"name:HomeDirectory" json:"home_directory"`
	HomeDirectoryDrive     *dtyp.UnicodeString         `idl:"name:HomeDirectoryDrive" json:"home_directory_drive"`
	LogonCount             uint16                      `idl:"name:LogonCount" json:"logon_count"`
	BadPasswordCount       uint16                      `idl:"name:BadPasswordCount" json:"bad_password_count"`
	UserID                 uint32                      `idl:"name:UserId" json:"user_id"`
	PrimaryGroupID         uint32                      `idl:"name:PrimaryGroupId" json:"primary_group_id"`
	GroupCount             uint32                      `idl:"name:GroupCount" json:"group_count"`
	GroupIDs               []*GroupMembership          `idl:"name:GroupIds;size_is:(GroupCount)" json:"group_ids"`
	UserFlags              uint32                      `idl:"name:UserFlags" json:"user_flags"`
	UserSessionKey         *UserSessionKey             `idl:"name:UserSessionKey" json:"user_session_key"`
	LogonServer            *dtyp.UnicodeString         `idl:"name:LogonServer" json:"logon_server"`
	LogonDomainName        *dtyp.UnicodeString         `idl:"name:LogonDomainName" json:"logon_domain_name"`
	LogonDomainID          *dtyp.SID                   `idl:"name:LogonDomainId" json:"logon_domain_id"`
	UserAccountControl     uint32                      `idl:"name:UserAccountControl" json:"user_account_control"`
	SIDCount               uint32                      `idl:"name:SidCount" json:"sid_count"`
	ExtraSIDs              []*KerberosSIDAndAttributes `idl:"name:ExtraSids;size_is:(SidCount)" json:"extra_sids"`
	ResourceGroupDomainSID *dtyp.SID                   `idl:"name:ResourceGroupDomainSid" json:"resource_group_domain_sid"`
	ResourceGroupCount     uint32                      `idl:"name:ResourceGroupCount" json:"resource_group_count"`
	ResourceGroupIDs       []*GroupMembership          `idl:"name:ResourceGroupIds;size_is:(ResourceGroupCount)" json:"resource_group_ids"`
	// contains filtered or unexported fields
}
KerberosValidationInfo structure represents KERB_VALIDATION_INFO RPC structure.
func (*KerberosValidationInfo) MarshalNDR
func (*KerberosValidationInfo) UnmarshalNDR
type NTLMSupplementalCredential
type NTLMSupplementalCredential struct {
	Version    uint32 `idl:"name:Version" json:"version"`
	Flags      uint32 `idl:"name:Flags" json:"flags"`
	LMPassword []byte `idl:"name:LmPassword" json:"lm_password"`
	NTPassword []byte `idl:"name:NtPassword" json:"nt_password"`
}
NTLMSupplementalCredential structure represents NTLM_SUPPLEMENTAL_CREDENTIAL RPC structure.
func (*NTLMSupplementalCredential) MarshalNDR
func (*NTLMSupplementalCredential) UnmarshalNDR
type PACClientClaimsInfo
type PACClientClaimsInfo struct {
	Claims *claims.ClaimsSetMetadata `idl:"name:Claims" json:"claims"`
}
PACClientClaimsInfo structure represents PAC_CLIENT_CLAIMS_INFO RPC structure.
func (*PACClientClaimsInfo) MarshalNDR
func (*PACClientClaimsInfo) UnmarshalNDR
type PACClientInfo
type PACClientInfo struct {
	ClientID   *dtyp.Filetime `idl:"name:ClientId" json:"client_id"`
	NameLength uint16         `idl:"name:NameLength" json:"name_length"`
	Name       []uint16       `idl:"name:Name" json:"name"`
}
PACClientInfo structure represents PAC_CLIENT_INFO RPC structure.
func (*PACClientInfo) MarshalNDR
func (*PACClientInfo) UnmarshalNDR
type PACCredentialData
type PACCredentialData struct {
	CredentialCount uint32                             `idl:"name:CredentialCount" json:"credential_count"`
	Credentials     []*SecurityPackageSupplementalCred `idl:"name:Credentials;size_is:(CredentialCount)" json:"credentials"`
}
PACCredentialData structure represents PAC_CREDENTIAL_DATA RPC structure.
func (*PACCredentialData) MarshalNDR
func (*PACCredentialData) NDRSizeInfo
func (o *PACCredentialData) NDRSizeInfo() []uint64
func (*PACCredentialData) UnmarshalNDR
type PACCredentialInfo
type PACCredentialInfo struct {
	Version        uint32 `idl:"name:Version" json:"version"`
	EncryptionType uint32 `idl:"name:EncryptionType" json:"encryption_type"`
	SerializedData []byte `idl:"name:SerializedData" json:"serialized_data"`
}
PACCredentialInfo structure represents PAC_CREDENTIAL_INFO RPC structure.
func (*PACCredentialInfo) MarshalNDR
func (*PACCredentialInfo) UnmarshalNDR
type PACDeviceClaimsInfo
type PACDeviceClaimsInfo struct {
	Claims *claims.ClaimsSetMetadata `idl:"name:Claims" json:"claims"`
}
PACDeviceClaimsInfo structure represents PAC_DEVICE_CLAIMS_INFO RPC structure.
func (*PACDeviceClaimsInfo) MarshalNDR
func (*PACDeviceClaimsInfo) UnmarshalNDR
type PACDeviceInfo
type PACDeviceInfo struct {
	UserID            uint32                      `idl:"name:UserId" json:"user_id"`
	PrimaryGroupID    uint32                      `idl:"name:PrimaryGroupId" json:"primary_group_id"`
	AccountDomainID   *dtyp.SID                   `idl:"name:AccountDomainId" json:"account_domain_id"`
	AccountGroupCount uint32                      `idl:"name:AccountGroupCount" json:"account_group_count"`
	AccountGroupIDs   []*GroupMembership          `idl:"name:AccountGroupIds;size_is:(AccountGroupCount)" json:"account_group_ids"`
	SIDCount          uint32                      `idl:"name:SidCount" json:"sid_count"`
	ExtraSIDs         []*KerberosSIDAndAttributes `idl:"name:ExtraSids;size_is:(SidCount)" json:"extra_sids"`
	DomainGroupCount  uint32                      `idl:"name:DomainGroupCount" json:"domain_group_count"`
	DomainGroup       []*DomainGroupMembership    `idl:"name:DomainGroup;size_is:(DomainGroupCount)" json:"domain_group"`
}
PACDeviceInfo structure represents PAC_DEVICE_INFO RPC structure.
func (*PACDeviceInfo) MarshalNDR
func (*PACDeviceInfo) UnmarshalNDR
type PACInfoBuffer
type PACInfoBuffer struct {
	Type         uint32 `idl:"name:ulType" json:"type"`
	BufferLength uint32 `idl:"name:cbBufferSize" json:"buffer_length"`
	Offset       uint64 `idl:"name:Offset" json:"offset"`
}
PACInfoBuffer structure represents PAC_INFO_BUFFER RPC structure.
func (*PACInfoBuffer) MarshalNDR
func (*PACInfoBuffer) UnmarshalNDR
type PACType
type PACType struct {
	BuffersCount uint32           `idl:"name:cBuffers" json:"buffers_count"`
	Version      uint32           `idl:"name:Version" json:"version"`
	Buffers      []*PACInfoBuffer `idl:"name:Buffers" json:"buffers"`
}
PACType structure represents PACTYPE RPC structure.
type S4UDelegationInfo
type S4UDelegationInfo struct {
	S4u2proxyTarget      *dtyp.UnicodeString   `idl:"name:S4U2proxyTarget" json:"s4u2proxy_target"`
	TransitedListSize    uint32                `idl:"name:TransitedListSize" json:"transited_list_size"`
	S4UTransitedServices []*dtyp.UnicodeString `idl:"name:S4UTransitedServices;size_is:(TransitedListSize)" json:"s4u_transited_services"`
}
S4UDelegationInfo structure represents S4U_DELEGATION_INFO RPC structure.
func (*S4UDelegationInfo) MarshalNDR
func (*S4UDelegationInfo) UnmarshalNDR
type SecurityPackageSupplementalCred
type SecurityPackageSupplementalCred struct {
	PackageName    *dtyp.UnicodeString `idl:"name:PackageName" json:"package_name"`
	CredentialSize uint32              `idl:"name:CredentialSize" json:"credential_size"`
	Credentials    []byte              `idl:"name:Credentials;size_is:(CredentialSize)" json:"credentials"`
}
SecurityPackageSupplementalCred structure represents SECPKG_SUPPLEMENTAL_CRED RPC structure.
func (*SecurityPackageSupplementalCred) MarshalNDR
func (*SecurityPackageSupplementalCred) UnmarshalNDR
type UPNDNSInfo
type UPNDNSInfo struct {
	UPNLength           uint16 `idl:"name:UpnLength" json:"upn_length"`
	UPNOffset           uint16 `idl:"name:UpnOffset" json:"upn_offset"`
	DNSDomainNameLength uint16 `idl:"name:DnsDomainNameLength" json:"dns_domain_name_length"`
	DNSDomainNameOffset uint16 `idl:"name:DnsDomainNameOffset" json:"dns_domain_name_offset"`
	Flags               uint32 `idl:"name:Flags" json:"flags"`
}
UPNDNSInfo structure represents UPN_DNS_INFO RPC structure.
func (*UPNDNSInfo) MarshalNDR
func (*UPNDNSInfo) UnmarshalNDR
type UserSessionKey
type UserSessionKey struct {
	Data []*CypherBlock `idl:"name:data" json:"data"`
}
UserSessionKey structure represents USER_SESSION_KEY RPC structure.