2.6 Assumptions and Preconditions

The following assumptions and preconditions must be satisfied for the Active Directory system to start and operate successfully:

  • For AD DS, the server is configured (that is, "promoted") to act as an AD DS domain controller. This is accomplished by having the server host the Active Directory service in AD DS mode. When hosting an AD DS directory service, the directory server registers (if not already registered) DNS and NetBIOS records, as described in [MS-ADTS] sections 6.3.2 and 6.3.4, respectively, to enable clients to locate the directory server. If an AD LDS directory service is hosted on a directory server that is joined to an AD DS domain, the directory server publishes itself by creating an object in AD DS, as described in [MS-ADTS] section 6.3.8.

  • When operating as AD DS, after the server has initialized the protocols that are listed in section 2.4 and is prepared to process incoming requests for those protocols, the directory server begins responding to LDAP and mailslot ping requests in the manner described in [MS-ADTS] sections 6.3.3 and 6.3.5, respectively.

  • For AD DS, member clients assume basic network connectivity and the availability of basic network infrastructure services, such as DNS. Prior to being associated with a domain, there are no other notable preconditions for member clients. After a client has been associated with a domain, the client assumes that the domain controller's directory also contains an entry that corresponds to the client. If this assumption proves wrong, the system (from the client's perspective) becomes unusable until the association is reestablished.

  • For AD LDS, the server is configured to host the Active Directory service that operates in AD LDS mode.

  • A network that provides transport for communications between the directory server and its clients is available. As described in section 2.5, this network supplies access to DNS and supports the TCP, UDP, and SMB transports.

  • The transport protocol for that network is available and configured; for example, the TCP transport is configured with a valid IP address.

  • Support for all authentication mechanisms that are indicated in the technical documents of the Active Directory system's member protocols is available.

  • The durable storage system that is used to store the Active Directory system's state is available to the Active Directory system.

  • The directory contains at least the required directory objects and naming contexts described in [MS-ADTS] section 6.1.

  • The directory's schema contains at least the attribute and class schema definitions described in [MS-ADA1], [MS-ADA2], [MS-ADA3], and [MS-ADSC] (for AD DS) or [MS-ADLS] (for AD LDS) in order to be compliant with the protocol described in [MS-ADTS]. However, Active Directory currently does not make use of all the attributes and classes that are defined in the schema definitions.
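The LDAP and mailslot ping responses referred to above carry a NETLOGON_SAM_LOGON_RESPONSE_EX structure ([MS-ADTS] section 6.3.1.9), which is how a member client learns a domain controller's DNS and NetBIOS names, its site, and the roles it advertises (PDC, GC, KDC, writable, and so on). The decoder below is an added example, not part of this document or of any Microsoft implementation; it assumes a response without the optional DcSockAddr and NextClosestSiteName fields and runs against a constructed sample, so a defender can check what a given DC actually advertises.

```python
import struct
import uuid
# Opcode and DS_* flag bits from [MS-ADTS] 6.3.1.2 / 6.3.1.9 (NETLOGON_SAM_LOGON_RESPONSE_EX).
LOGON_SAM_LOGON_RESPONSE_EX = 0x17
DS_FLAGS = {0x1: "PDC", 0x4: "GC", 0x8: "LDAP", 0x10: "DS", 0x20: "KDC", 0x40: "TIMESERV",
            0x80: "CLOSEST", 0x100: "WRITABLE", 0x200: "GOOD_TIMESERV", 0x400: "NDNC",
            0x20000000: "DNS_CONTROLLER", 0x40000000: "DNS_DOMAIN", 0x80000000: "DNS_FOREST"}
NAME_FIELDS = ("DnsForestName", "DnsDomainName", "DnsHostName", "NetbiosDomainName",
               "NetbiosComputerName", "UserName", "DcSiteName", "ClientSiteName")

def read_name(buf, pos, max_hops=8):
    # RFC 1035 label compression; pointer offsets count from the start of the structure.
    labels, end, hops = [], None, 0
    while True:
        length = buf[pos]
        if length == 0:                        # root label terminates the name
            return ".".join(labels), (end if end is not None else pos + 1)
        if (length & 0xC0) == 0xC0:            # 2-byte pointer: 0b11 + 14-bit offset
            hops += 1
            if hops > max_hops:                # reject a malformed, looping pointer chain
                raise ValueError("pointer loop in compressed name")
            end = end if end is not None else pos + 2
            pos = ((length & 0x3F) << 8) | buf[pos + 1]
            continue
        labels.append(bytes(buf[pos + 1:pos + 1 + length]).decode("utf-8"))
        pos += 1 + length

def parse_logon_response_ex(buf):
    # Fixed header: Opcode, Sbz, Flags, DomainGuid; then eight compressed names.
    opcode, _sbz, flags = struct.unpack_from("<HHI", buf, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError(f"unexpected opcode 0x{opcode:02x}")
    out = {"Flags": flags, "DomainGuid": str(uuid.UUID(bytes_le=bytes(buf[8:24])))}
    pos = 24
    for field in NAME_FIELDS:
        out[field], pos = read_name(buf, pos)
    # Optional DcSockAddr/NextClosestSiteName (only if the client asked via NtVersion) are skipped; trailer = last 8 bytes.
    out["NtVersion"], out["LmNtToken"], out["Lm20Token"] = struct.unpack_from("<IHH", buf, len(buf) - 8)
    out["Roles"] = [name for bit, name in DS_FLAGS.items() if flags & bit]
    return out

# Constructed sample (not a captured packet): dc1.corp.example advertising PDC/GC/KDC roles.
SAMPLE = (struct.pack("<HHI", LOGON_SAM_LOGON_RESPONSE_EX, 0, 0xE00003FD)
          + uuid.UUID("12345678-1234-5678-9abc-def012345678").bytes_le
          + b"\x04corp\x07example\x00"                   # DnsForestName at offset 24
          + b"\xc0\x18" + b"\x03dc1\xc0\x18"             # DnsDomainName, DnsHostName via pointers
          + b"\x04CORP\x00" + b"\x03DC1\x00" + b"\x00"   # NetBIOS names, empty UserName
          + b"\x17Default-First-Site-Name\x00"           # DcSiteName at offset 58
          + b"\xc0\x3a"                                  # ClientSiteName -> pointer to 58
          + struct.pack("<IHH", 0x05, 0xFFFF, 0xFFFF))   # NtVersion (1|5EX), LmNt/Lm20 tokens
```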

Upon startup, the Active Directory system initializes all of the protocols that are listed in section 2.4 as described in the protocol documents for each listed protocol and also begins servicing requests that are coming in on those protocols' interfaces. There is no requirement that the protocols be initialized in a particular sequence.

Because member clients treat all domain controller instances as equivalent, each domain controller that operates as AD DS needs to ensure that it is synchronized with its peer AD DS domain controllers, if any are supported in the implementation, through implementation-specific means such as directory replication.