Share via

2.3.1 Object Naming

In the ADWS data model, directory objects are identified by their object reference property. The object reference property can be either a GUID or the object's LDAP distinguished name.

Note Unless otherwise specified, GUID values are represented using the following forms in this document:

For a directory object O, to specify the object reference property of O as a GUID, the value of the GUID MUST equal the value of O!objectGUID. Alternatively, the object reference property of O can be specified as O's LDAP distinguished name (O!distinguishedName) instead.

The object reference property (in either GUID or distinguished name form) in a SOAP message request identifies the directory object that should be operated on by the operation specified in that message (see section 2.5.2). The object reference property in a SOAP response message indicates the identity of a directory object that is returned in that response message.

The object reference property value in the GUID form of {11111111-1111-1111-1111-111111111111} exclusively refers to the LDAP rootDSE [RFC2251].

The following SOAP message requests use the object reference property as either the GUID or the distinguished name:

  • In adlq:BaseObject in LdapQuery [MS-WSDS]

  • In the ad:objectReferenceProperty SOAP header for a WS-Transfer [WXFR] Get, Put, or Delete operation (section 2.5.2)

  • In the ad:objectReferenceProperty SOAP header for a [MS-WSTIM] BaseObjectSearchRequest or ModifyRequest operation (section 2.5.2)

  • As the value of a directory attribute which has an object reference syntax (see [MS-ADTS], section 3.1.1.1.6)

  • In the ad:container-hierarchy-parent (see section 2.3.3.2) synthetic attribute for a WS-Transfer Put or Create operation

  • In the ad:container-hierarchy-parent (see section 2.3.3.2) synthetic attribute for a [MS-WSTIM] ModifyRequest or AddRequest operation

The object reference property in a protocol response can be in either GUID or distinguished name form.