Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The processing rules in this section are used to determine whether the domain controller (DC) supports signing or not.
Input Parameters:
InputADConnectionHandle: An ADConnection handle (see [MS-ADTS] section 7.2 for more information about ADConnection).
Output Parameters:
-
True or False, depending on whether the DC supports signing or not.
Processing Rules:
Invoke the "Establishing an ADConnection" task ([MS-ADTS] section 7.6.1.3) with the following parameter:
TaskInputADConnection: InputADConnectionHandle
If the TaskReturnStatus returned is FALSE, return FALSE.
Invoke the "Perform an LDAP Operation on an ADConnection" task ([MS-ADTS] section 7.6.1.6) with the following parameters:
TaskInputADConnection: InputADConnectionHandle
TaskInputRequestMessage: LDAP SearchRequest message ([RFC2251] section 4.5.1) as follows:
baseObject: NULL
scope: baseObject
filter: (objectClass=*)
attributes: The CA SHOULD use the following attributes:
supportedCapabilities
sizeLimit: 10000
timeLimit: 120
derefAliases: neverDerefAliases
typesOnly: FALSE
TaskOutputResultMessage: Upon successful return from the task, this parameter will contain the results of the LDAP search.
If the TaskReturnStatus returned is not 0, return FALSE.
If TaskOutputResultMessage contains 1.2.840.113556.1.4.1791 (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID_W), then return TRUE, else return FALSE.