3.1.1.3.4.2.5 LDAP_SERVER_BATCH_REQUEST_OID
The presence of this OID in the supportedExtension attribute indicates that the DC provides support for the batched LDAP extended operation. In a batched LDAP extended operation, the DC accepts an extended operation that contains a sequence of LDAP messages (that is, LDAP operations) encoded and packed into the operation data and then operates on the individual messages sequentially.
When sending this extended operation to the DC, the data field is set to the BER encoding of the following ASN.1 structure.
-
 BatchRequestRequestValue ::= SEQUENCE of OCTET STRING
Each OCTET STRING contains a BER encoded ([ITUX690]) LDAPMessage as defined in [RFC2251].
The DC MUST support the following values of the protocolOp field of an LDAP message.
searchRequest
modifyRequest
addRequest
deleteRequest
The DC MAY support any of the other legal values of the protocolOp field of an LDAP message. No applicable Windows Server releases support any of these other values.
The DC MUST accept the following controls (defined in section 3.1.1.3.4.1) as part of the encoded LDAPMessage:
LDAP_SERVER_DOMAIN_SCOPE_OID
LDAP_SERVER_EXTENDED_DN_OID
LDAP_SERVER_GET_STATS_OID
LDAP_SERVER_PERMISSIVE_MODIFY_OID
LDAP_SERVER_SD_FLAGS_OID
LDAP_SERVER_SEARCH_OPTIONS_OID
LDAP_SERVER_SHOW_DELETED_OID
LDAP_SERVER_DN_INPUT_OID
LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID
LDAP_SERVER_SHOW_RECYCLED_OID
The DC MAY support other controls. No applicable Windows Server releases support any other controls.
If the DC returns any return code for the batched LDAP extended operation other than success / <unrestricted>, then the DC returns no data for the batched LDAP extended operation.
If the DC returns any data for the batched LDAP extended operation, the data is set to the BER encoding of the following ASN.1 structure.
-
 BatchRequestResponseValue ::= SEQUENCE of LDAPMessage
If the DC receives an LDAPMessage containing unsupported protocolOp values or controls, or if the data for the batched LDAP extended operation is not a legal BER encoding as required, the DC MUST return the error protocolError / <unrestricted>.
If the number of individual messages in the return data exceeds the DC's limit, the overall batched LDAP extended operation returns the error sizeLimitExceeded / <unrestricted>. This limit is controlled by the MaxBatchReturnMessages LDAP policy (see section 3.1.1.3.4.6).
If the amount of time spent processing the batched LDAP extended operation exceeds the DC's limit, the overall batched LDAP extended operation returns the error timeLimitExceeded / ERROR_INVALID_PARAMETER. This limit is implementation-defined. In Windows Server 2012 operating system and later this limit is controlled by the MaxQueryDuration LDAP policy (see section 3.1.1.3.4.6).
If any operation in a batched LDAP extended operation results in an LDAP return code other than success / <unrestricted>, then all subsequent operations in that batched LDAP operation are not performed and all prior operations are "rolled back"; that is, no changes that would have been caused by the operations are committed to the DC's state. Note that, other than where explicitly stated, the return codes of these individual operations do not affect the return code of the batched LDAP extended operation.
If an individual operation in the batched LDAP extended operation returns busy / <unrestricted>, then the batched LDAP extended operation returns the return code generated by that individual operation.
If no other error conditions are present, the DC returns the error code success / <unrestricted>.
If the DC returns any return code for the batched LDAP extended operation other than success / <unrestricted>, then all operations in that batched LDAP operation are "rolled back"; that is, no changes caused by the operations are committed to the DC's state.
The returned data for the batched LDAP extended operation is the sequence containing the return messages generated by performing the individual operations encoded in the incoming data. Note especially that if an individual operation fails, causing the whole sequence to be interrupted and "rolled back", the return sequence of messages includes all messages generated up to and including the message returning the individual operation's failure code. In this case, the returned data can show successful modifications to DC state, but since the final message in the incoming sequence of operations was not completed with a successful return code, these messages indicate only that the operations that modify the DC state would have succeeded and been committed if they had been the last operation in the sequence of messages; that is, these messages indicate that the operations up to the operation that failed would have succeeded.