2.1 Endpoints
This section specifies the Web Service endpoints that are used by protocols in the ADWS protocol set. ADWS exposes protocols that can be accessed via an endpoint. Each endpoint can be uniquely identified by a Uniform Resource Identifier (URI). The URIs for the ADWS protocols are shown in the following table. All endpoints use the "net.tcp" URI binding type. For semantics of this binding type, see [MS-NMFTB].
Endpoint URI | Protocol exposed by endpoint | Authentication mechanism (see below) |
---|---|---|
net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Resource |  | Windows Integrated |
net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/ResourceFactory | [MS-WSTIM] | Windows Integrated |
net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Enumeration |  | Windows Integrated |
net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/AccountManagement |  | Windows Integrated |
net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/TopologyManagement | [MS-ADCAP] | Windows Integrated |
net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Resource | [WXFR], [MS-WSTIM] | Username/password |
net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/ResourceFactory | [MS-WSTIM] | Username/password |
net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Enumeration | [WSENUM], [MS-WSDS] | Username/password |
net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/AccountManagement | [MS-ADCAP] | Username/password |
net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/TopologyManagement | [MS-ADCAP] | Username/password |
net.tcp://localhost:9389/ActiveDirectoryWebServices/mex |  | None |
In the preceding table, "localhost" represents the DNS hostname of the server hosting the endpoint. All endpoints listen on TCP port 9389.
The ADWS protocol set uses two types of authentication. Each endpoint (except for the "mex" endpoint) supports one or the other. The forms of authentication are:
Windows Integrated: These endpoints use integrated Windows authentication with the .Net Negotiate Stream protocol [MS-NNS] to authenticate the client and provide message security at the transport layer.
Username/password: These endpoints use TLS to protect the TCP transport; TLS negotiates the session key that protects it. The client authenticates to the server at the message layer by providing a plaintext username and password, as documented in WS-Security [WSS] and the WS-Security UserNameToken profile [WSSUTP1.1].
The "mex" endpoint neither requires nor supports authentication.
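The endpoint table can be applied mechanically when reviewing configuration or connection logs. The following is an added example, not part of the specification: it parses an ADWS endpoint URI and reports the authentication mechanism the table assigns to it. The host name `dc01.example.test`, the function names, and exact-case matching of path segments are assumptions of this example.

```python
from urllib.parse import urlsplit

ADWS_PORT = 9389                      # all ADWS endpoints listen on this TCP port
ROOT = "ActiveDirectoryWebServices"   # first path segment of every endpoint
# Authentication mechanism selected by the second path segment (from the table).
AUTH_BY_SEGMENT = {"Windows": "Windows Integrated",
                   "UserName": "Username/password"}
SERVICES = {"Resource", "ResourceFactory", "Enumeration",
            "AccountManagement", "TopologyManagement"}


def classify_adws_endpoint(uri):
    """Return (host, service, auth) for an ADWS endpoint URI.

    Raises ValueError when the URI is not one of the listed endpoints.
    Path segments are matched with exact case (assumption of this example).
    """
    parts = urlsplit(uri)
    if parts.scheme != "net.tcp":
        raise ValueError("ADWS endpoints use the net.tcp binding")
    if parts.port != ADWS_PORT:
        raise ValueError("ADWS endpoints listen on TCP port 9389")
    segments = parts.path.strip("/").split("/")
    if segments[0] != ROOT:
        raise ValueError("path does not start with " + ROOT)
    rest = segments[1:]
    if rest == ["mex"]:
        # The mex endpoint neither requires nor supports authentication.
        return parts.hostname, "mex", "None"
    if len(rest) == 2 and rest[0] in AUTH_BY_SEGMENT and rest[1] in SERVICES:
        return parts.hostname, rest[1], AUTH_BY_SEGMENT[rest[0]]
    raise ValueError("unknown ADWS endpoint path")


def endpoints_needing_review(uris):
    """Return URIs whose authentication is not Windows Integrated."""
    return [u for u in uris
            if classify_adws_endpoint(u)[2] != "Windows Integrated"]


# Constructed sample input (not taken from any real environment).
BASE = "net.tcp://dc01.example.test:9389/ActiveDirectoryWebServices/"
SAMPLE = [BASE + "Windows/Enumeration",
          BASE + "UserName/Enumeration",
          BASE + "mex"]

if __name__ == "__main__":
    for uri in endpoints_needing_review(SAMPLE):
        print(classify_adws_endpoint(uri), uri)
```

The review list contains the UserName endpoint, where the password is protected only by the TLS session, and the unauthenticated mex endpoint.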