This section lists entities that depend on the interfaces provided by the Active Directory protocols, as well as other entities that the Active Directory protocols depend on. Other entities take dependencies on the Active Directory protocols, and in particular on AD DS, not only by making use of the Active Directory protocols' external interfaces, but also by sharing state with this system; that is, there are overlapping abstract data models.
The Active Directory protocols depend on the Windows Authentication Services [MS-AUTHSOD] to authenticate clients that are accessing the system. The system controls access based on the identity of the client.
The following components have dependencies on the protocol interfaces provided by the Active Directory system. All of these components apply to Active Directory that is operating as AD DS. Note that while these components depend on the Active Directory system, the Active Directory system does not in turn depend on them. In other words, any of these components can be omitted from the environment, and the Active Directory system will continue to function.
The Active Directory protocols influence the behavior of the following components:
Print Services: The Print Services service can optionally publish information about shared printers in the directory. Domain-joined clients discover shared printers that are available to them by querying the directory for this information.
Message Queuing: The Message Queuing service uses the directory service to store information such as queue and system metadata.
Network Access Protection: The Network Access Protection (NAP) service [MS-NAPOD] determines how machines can be examined for access to a network. The machines need to be members of a domain to authenticate to the NAP servers.
Group Policy: The Group Policy service [MS-GPOD] defines how domain clients can retrieve group policy information from the domain controller, which is based on the group memberships of a domain account and a domain account's location in the LDAP directory structure.
Windows Server Update: This component specifies how different machines in a domain can have different update policies for patch management, which relies on domain interactions to specify the domain authorization information.
File Services: This component specifies how file servers present a unified view of files and other resources, and rely upon [MS-AUTHSOD] and domain interactions for authentication when the file server is part of a domain.
Infrastructure Service: The Infrastructure Service includes services such as name resolution (DNS, WINS) and network maintenance services (routers). The directory service uses such services to make domain controllers available to their clients.
Authentication System: The authentication system [MS-AUTHSOD] defines how other protocols take advantage of authentication protocols such as NTLM and Kerberos to secure their communications, and also defines the authentication services that support the client-to-server communication. The authentication system depends on domain interactions to specify how those protocols are used in a domain context to authenticate clients to servers when both are members of a domain.
Several protocol groups leverage the domain controller as the source of identity and authorization information for the domain. These include:
Browser Services, which define how the browser service leverages the directory service to browse and locate the shared resources in the domain based on information that is associated with the accounts in the domain.
Certificate Services, which specify how the certificate authority leverages the domain infrastructure to manage certificate distribution and enrollment, and makes authorization decisions based on information that is associated with the accounts in the domain.
Rights Management, which determines how content can be protected against offline access based on authorization information from the directory.