3.1.1.3.4.2 LDAP Extended Operations


LDAP extended operations are an extensibility mechanism in version 3 of LDAP, as discussed in [RFC2251] section 4.12. The following sections describe the LDAP extended operations that are implemented by DCs in Windows Server 2003 operating system and later (including Active Directory Application Mode (ADAM)).

The LDAP extended operations supported by a DC are exposed as OIDs in the supportedExtension attribute of the rootDSE. Each OID is mapped to a human-readable name as shown in the following table.

| Extended operation name       | OID                        |
|-------------------------------|----------------------------|
| LDAP_SERVER_FAST_BIND_OID     | 1.2.840.113556.1.4.1781    |
| LDAP_SERVER_START_TLS_OID     | 1.3.6.1.4.1.1466.20037     |
| LDAP_TTL_REFRESH_OID          | 1.3.6.1.4.1.1466.101.119.1 |
| LDAP_SERVER_WHO_AM_I_OID      | 1.3.6.1.4.1.4203.1.11.3    |
| LDAP_SERVER_BATCH_REQUEST_OID | 1.2.840.113556.1.4.2212    |

Only Windows Server 2003 and later DCs support extended operations. The following table specifies the set of LDAP extended operations supported in applicable Windows Server releases or ADAM versions that support extended operations.

The table contains information for the following products. See section 3 for more information.

  • D --> Windows Server 2003

  • DR2 --> Windows Server 2003 R2 operating system

  • G --> ADAM

  • J --> Windows Server 2008 operating system

  • M --> Windows Server 2008 R2 operating system

  • R --> Windows Server 2012 operating system

  • U --> Windows Server 2012 R2 operating system

  • X --> Windows Server 2016 operating system

  • A2 --> Windows Server v1709 operating system

  • D2 --> Windows Server v1803 operating system

  • G2 --> Windows Server v1809 operating system

  • J2 --> Windows Server 2019 operating system

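| Extended operation name       | D, DR2 | G, J, M | R, U, X, A2, D2, G2, J2 |
|-------------------------------|--------|---------|-------------------------|
| LDAP_SERVER_FAST_BIND_OID     | X      | X       | X                       |
| LDAP_SERVER_START_TLS_OID     | X      | X       | X                       |
| LDAP_TTL_REFRESH_OID          | X      | X       | X                       |
| LDAP_SERVER_WHO_AM_I_OID      |        | X       | X                       |
| LDAP_SERVER_BATCH_REQUEST_OID |        |         | X                       |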

Each of these operations is executed by performing an LDAP ExtendedRequest operation, specifying the OID of the extended operation as the requestName field in the ExtendedRequest (see [RFC2251] section 4.12). The server responds to an ExtendedRequest by returning an ExtendedResponse, the fields of which are also documented in section 4.12 of the RFC.
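The ExtendedRequest framing described above, as an added example that is not part of the specification: it BER-encodes an LDAPMessage carrying an ExtendedRequest and decodes one back to its requestName, which is how a protocol monitor can tell which extended operation a client is invoking. The tag values (0x77 for [APPLICATION 23], 0x80 for requestName, 0x81 for requestValue) follow the ASN.1 in [RFC2251] section 4.12; the function names are hypothetical.

```python
# Added example: BER framing of an LDAP ExtendedRequest (RFC 2251 section 4.12).
# The OID-to-name map is copied from the table on this page.
EXTENDED_OPS = {
    "1.2.840.113556.1.4.1781": "LDAP_SERVER_FAST_BIND_OID",
    "1.3.6.1.4.1.1466.20037": "LDAP_SERVER_START_TLS_OID",
    "1.3.6.1.4.1.1466.101.119.1": "LDAP_TTL_REFRESH_OID",
    "1.3.6.1.4.1.4203.1.11.3": "LDAP_SERVER_WHO_AM_I_OID",
    "1.2.840.113556.1.4.2212": "LDAP_SERVER_BATCH_REQUEST_OID",
}

def tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos, want):
    """Read the TLV at pos, require tag `want`, return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n >= 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def encode_extended_request(message_id, oid, request_value=None):
    """LDAPMessage{messageID, [APPLICATION 23]{[0] requestName, [1] requestValue}}."""
    body = tlv(0x80, oid.encode("ascii"))
    if request_value is not None:
        body += tlv(0x81, request_value)
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, mid) + tlv(0x77, body))

def decode_extended_request(packet):
    """Return (messageID, requestName, name from the table or None, requestValue)."""
    msg, _ = read_tlv(packet, 0, 0x30)
    mid, pos = read_tlv(msg, 0, 0x02)
    op, _ = read_tlv(msg, pos, 0x77)  # any other tag is not an ExtendedRequest
    name, pos = read_tlv(op, 0, 0x80)
    value = read_tlv(op, pos, 0x81)[0] if pos < len(op) else None
    oid = name.decode("ascii")
    return int.from_bytes(mid, "big"), oid, EXTENDED_OPS.get(oid), value
```

A requestName that decodes to an OID outside the table comes back with `None` as its name, which is the case worth logging when comparing traffic against the DC's supportedExtension list.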