3.1.1.3.2 rootDSE Attributes

This section specifies the readable attributes on the rootDSE of Windows 2000 operating system and later DCs (both AD DS and AD LDS).

All of these rootDSE attributes are read-only; an LDAP request to modify any of them will be rejected with the error unwillingToPerform / <unrestricted>.

The rootDSE attributes are not described by the schema, but occurrences of rootDSE attribute names are underlined in this document as per the convention for any other LDAP attribute.

The following table specifies which of these rootDSE attributes are supported by applicable Windows Server releases or Active Directory Application Mode (ADAM) versions.

The table contains information for the following products. See section 3 for more information.

  • A --> Windows 2000

  • D --> Windows Server 2003 operating system

  • DR2 --> Windows Server 2003 R2 operating system

  • G --> ADAM

  • K --> Windows Server 2008 operating system AD DS

  • L --> Windows Server 2008 AD LDS

  • N --> Windows Server 2008 R2 operating system AD DS

  • P --> Windows Server 2008 R2 AD LDS

  • S --> Windows Server 2012 operating system AD DS

  • T --> Windows Server 2012 AD LDS

  • V --> Windows Server 2012 R2 operating system AD DS

  • W --> Windows Server 2012 R2 AD LDS

  • Y --> Windows Server 2016 operating system AD DS

  • Z --> Windows Server 2016 AD LDS

  • B2 --> Windows Server v1709 operating system AD DS

  • C2 --> Windows Server v1709 AD LDS

  • E2 --> Windows Server v1803 operating system AD DS

  • F2 --> Windows Server v1803 AD LDS

  • H2 --> Windows Server v1809 operating system AD DS

  • I2 --> Windows Server v1809 AD LDS

  • K2 --> Windows Server 2019 operating system AD DS

  • L2 --> Windows Server 2019 AD LDS

  • M2 --> Windows Server v1903 operating system AD DS

  • N2 --> Windows Server v1903 AD LDS

  • P2 --> Windows Server 2022 operating system AD DS

  • Q2 --> Windows Server 2022 AD LDS

  • R2 --> Windows Server 2022, 23H2 operating system AD DS

  • S2 --> Windows Server 2022, 23H2 AD LDS

    Attribute name

    A

    D, DR2

    G

    K, N

    L, P

    S

    T

    V

    W

    Y

    Z

    B2

    C2

    E2, H2, K2, M2, P2

    F2, I2, L2, N2, Q2

    R2, S2

    configurationNamingContext

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    currentTime

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    defaultNamingContext

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dNSHostName

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dsSchemaAttrCount

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dsSchemaClassCount

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dsSchemaPrefixCount

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dsServiceName

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    highestCommittedUSN

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    isGlobalCatalogReady

    X

    X

    X

    X

    X

    X

    X

    X

    isSynchronized

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    ldapServiceName

    X

    X

    X

    X

    X

    X

    X

    X

    namingContexts

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    netlogon

    X

    X

    X

    X

    X

    X

    X

    X

    pendingPropagations

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    rootDomainNamingContext

    X

    X

    X

    X

    X

    X

    X

    X

    schemaNamingContext

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    serverName

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    subschemaSubentry

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedCapabilities

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedControl

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedLDAPPolicies

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedLDAPVersion

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedSASLMechanisms

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    domainControllerFunctionality

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    domainFunctionality

    X

    X

    X

    X

    X

    X

    X

    forestFunctionality

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplAllInboundNeighbors

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplAllOutboundNeighbors

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplConnectionFailures

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplLinkFailures

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplPendingOps

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-ReplQueueStatistics

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-TopQuotaUsage

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedConfigurableSettings

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    supportedExtension

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    validFSMOs

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    dsaVersionString

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-PortLDAP

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-PortSSL

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-PrincipalName

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    serviceAccountInfo

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    spnRegistrationResult

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    tokenGroups

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    usnAtRifm

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    approximateHighestInternalObjectID

    X

    X

    X

    X

    X

    X

    X

    X

    X

    X

    databaseGuid

    X

    X

    X

    X

    X

    X

    X

    X

    schemaIndexUpdateState

    X

    X

    X

    X

    X

    X

    X

    X

    dumpLdapNotifications

    X

    X

    X

    X

    X

    X

    msDS-ProcessLinksOperations *

    X

    X

    X

    X

    X

    X

    X

    X

    msDS-SegmentCacheInfo **

    X

    X

    msDS-ThreadStates ***

    X

    X

    X

    X

    X

    X

    ConfigurableSettingsEffective

    X

    X

    X

    X

    LDAPPoliciesEffective

    X

    X

    X

    X

    msDS-ArenaInfo

    X

    X

    X

    X

    msDS-Anchor

    X

    X

    msDS-PrefixTable

    X

    X

    msDS-SupportedRootDSEAttributes

    X

    X

    msDS-SupportedRootDSEModifications

    X

    X

    msDS-DiskUsage ****

    X

    X

    msDS-DatabaseIndices ****

    X

    X

    msDS-DatabaseIndicesWithSize ****

    X

    X

    msDS-PriorityBoost

    X

* The msDS-ProcessLinksOperations rootDSE attribute is available in Windows Server 2012 R2 only if [MSKB-3192404] is installed. The attribute is available in Windows Server 2016 only if [MSKB-4038801] is installed.

** The msDS-SegmentCacheInfo rootDSE attribute is available in Windows Server 2012 R2 only if [MSKB-4019217] is installed.

*** The msDS-ThreadStates rootDSE attribute is available in Windows Server 2016 only if [MSKB-4025334] is installed.

**** The rootDSE attributes msDS-DiskUsage, msDS-DatabaseIndices, and msDS-DatabaseIndicesWithSize are supported by the operating systems specified in [MSKB-5023705], [MSKB-5023702], [MSKB-5023706], [MSKB-5023698], and [MSKB-5023696]; each with its related KB article download installed.

The following table shows, for each rootDSE attribute, whether or not the attribute is operational (that is, whether the server returns the attribute only when it is explicitly requested) and the LDAP syntax of the returned value.

| Attribute name | Operational? | LDAP syntax |
|---|---|---|
| configurationNamingContext | N | Object(DS-DN) |
| currentTime | N | String(Generalized-Time) |
| defaultNamingContext | N | Object(DS-DN) |
| dNSHostName | N | String(Unicode) |
| dsSchemaAttrCount | Y | Integer |
| dsSchemaClassCount | Y | Integer |
| dsSchemaPrefixCount | Y | Integer |
| dsServiceName | N | Object(DS-DN) |
| highestCommittedUSN | N | LargeInteger |
| isGlobalCatalogReady | N | Boolean |
| isSynchronized | N | Boolean |
| ldapServiceName | N | String(Unicode) |
| namingContexts | N | Object(DS-DN) |
| netlogon | Y | String(Octet) |
| pendingPropagations | Y | Object(DS-DN) |
| rootDomainNamingContext | N | Object(DS-DN) |
| schemaNamingContext | N | Object(DS-DN) |
| serverName | N | Object(DS-DN) |
| subschemaSubentry | N | Object(DS-DN) |
| supportedCapabilities | N | String(Object-Identifier) |
| supportedControl | N | String(Object-Identifier) |
| supportedLDAPPolicies | N | String(Unicode) |
| supportedLDAPVersion | N | Integer |
| supportedSASLMechanisms | N | String(Unicode) |
| domainControllerFunctionality | N | Integer |
| domainFunctionality | N | Integer |
| forestFunctionality | N | Integer |
| msDS-ReplAllInboundNeighbors | Y | String(Unicode)* |
| msDS-ReplAllOutboundNeighbors | Y | String(Unicode)* |
| msDS-ReplConnectionFailures | Y | String(Unicode)* |
| msDS-ReplLinkFailures | Y | String(Unicode)* |
| msDS-ReplPendingOps | Y | String(Unicode)* |
| msDS-ReplQueueStatistics | Y | String(Unicode)* |
| msDS-TopQuotaUsage | Y | String(Unicode)** |
| supportedConfigurableSettings | Y | String(Unicode) |
| supportedExtension | Y | String(Object-Identifier) |
| validFSMOs | Y | Object(DS-DN) |
| dsaVersionString | Y | String(Unicode) |
| msDS-PortLDAP | Y | Integer |
| msDS-PortSSL | Y | Integer |
| msDS-PrincipalName | Y | String(Unicode) |
| serviceAccountInfo | Y | String(Unicode) |
| spnRegistrationResult | Y | Integer |
| tokenGroups | Y | String(SID) |
| usnAtRifm | Y | LargeInteger |
| approximateHighestInternalObjectID | Y | Integer |
| databaseGuid | Y | String(Teletex) |
| schemaIndexUpdateState | Y | Integer |
| dumpLdapNotifications | Y | String(Unicode) |
| msDS-ProcessLinksOperations | Y | String(Unicode) |
| msDS-SegmentCacheInfo | Y | String(Unicode) |
| msDS-ThreadStates | Y | String(Unicode) |
| ConfigurableSettingsEffective | Y | String(Unicode) |
| LDAPPoliciesEffective | Y | String(Unicode) |
| msDS-ArenaInfo | Y | String(Unicode) |
| msDS-Anchor | Y | String(Unicode) |
| msDS-PrefixTable | Y | String(Unicode) |
| msDS-SupportedRootDSEAttributes | Y | String(Unicode) |
| msDS-SupportedRootDSEModifications | Y | String(Unicode) |
| msDS-DiskUsage | Y | String(Unicode) |
| msDS-DatabaseIndices | Y | String(Unicode) |
| msDS-DatabaseIndicesWithSize | Y | String(Unicode) |
| msDS-PriorityBoost | Y | Integer |

* These values contain XML. At the client's request, the server will return the value as binary data in String(Octet) syntax instead.

** This value contains XML.
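
The following is an added example, not part of the specification: it decodes a rootDSE reply according to the LDAP syntax column above and explains why an attribute an audit script expected is absent, which for operational attributes is usually because the request did not name them. The function names, the reduced table and the sample reply are constructed for illustration, and the parser handles only plain `name: value` lines.

```python
from datetime import datetime, timezone

# Subset of the table above: attribute name -> (operational?, LDAP syntax).
TABLE = {
    "currentTime": (False, "String(Generalized-Time)"),
    "defaultNamingContext": (False, "Object(DS-DN)"),
    "isSynchronized": (False, "Boolean"),
    "highestCommittedUSN": (False, "LargeInteger"),
    "supportedSASLMechanisms": (False, "String(Unicode)"),
    "domainControllerFunctionality": (False, "Integer"),
    "dsSchemaAttrCount": (True, "Integer"),
    "validFSMOs": (True, "Object(DS-DN)"),
}
# Converters per LDAP syntax; syntaxes not listed here stay as strings.
DECODERS = {
    "Integer": int,
    "LargeInteger": int,
    "Boolean": lambda v: v == "TRUE",
    "String(Generalized-Time)": lambda v: datetime.strptime(
        v, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc),
}
# Constructed reply to a base-scope rootDSE search that named no attributes.
SAMPLE_REPLY = """\
dn:
currentTime: 20240115083000.0Z
defaultNamingContext: DC=example,DC=test
isSynchronized: TRUE
highestCommittedUSN: 123456
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
domainControllerFunctionality: 7
"""

def parse_reply(text):
    """Collect 'name: value' lines into {name: [values]}, skipping the dn line."""
    entry = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name != "dn":
            entry.setdefault(name, []).append(value)
    return entry

def decode(entry):
    """Convert each value according to the attribute's LDAP syntax."""
    return {n: [DECODERS.get(TABLE[n][1], str)(v) for v in vals]
            for n, vals in entry.items()}

def explain_missing(wanted, requested, entry):
    """Say why each wanted attribute is absent from the reply."""
    return {n: ("operational: name it in the request"
                if TABLE[n][0] and n not in requested else "not returned by server")
            for n in wanted if n not in entry}
```
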