2.3.4.3 LDAP Entry for Domainv2-Based DFS Link

One LDAP entry exists for each DFS link in the namespace under the DFS namespace LDAP entry.

This object has the following attributes. The schemas for these attributes are specified in [MS-ADA2].

Attribute

Description

msDFS-NamespaceIdentityGUIDv2

This is the time-stable identifier for the DFS namespace containing the link, and matches the value specified in the namespace LDAP entry. It is a binary value set at DFS namespace creation time whose size is specified by the rangeLower and rangeUpper attributes.

msDFS-LinkIdentityGUIDv2

This is the time-stable identifier for a DFS link. It is a binary value set at DFS link creation time whose size is specified by the rangeLower and rangeUpper attributes. This value is retained in the dynamic object created when the link is deleted.

msDFS-GenerationGUIDv2

A binary value whose size is specified by the rangeLower and rangeUpper attributes. This time-stable identifier is overwritten anytime the LDAP entry corresponding to the DFS namespace or the DFS link is modified.

This is reserved for future use and MUST NOT be currently used.

msDFS-LinkPathv2

A case-insensitive String(Unicode) (see [MS-ADTS] section 3.1.1.2.2.2) that is the DFS root-relative path to the DFS link reparse point. To simplify LDAP searches, path separators are forward slashes (/) instead of backward slashes (\).

msDFS-ShortNameLinkPathv2

A case-insensitive String(Unicode) (see [MS-ADTS] section 3.1.1.2.2.2) that is the DFS namespace root-relative path to the DFS link reparse point in short name form. To simplify LDAP searches, path separators are forward slashes (/) instead of backward slashes (\).

This is reserved for future use and MUST NOT be currently used.

msDFS-LinkSecurityDescriptorv2

A self-relative security descriptor associated with a DFS link. This attribute is used for Access Based Directory Enumeration (ABDE) support.

msDFS-LastModifiedv2

A time string format defined by ASN.1 standards. The UTC time in the form YYYYMMDDHHMMSS.0Z. "0Z" indicates no time differential.

This attribute is updated each time the DFS link is updated.

msDFS-Ttlv2

A 32-bit signed integer that is interpreted as an unsigned referral TTL, in seconds.

msDFS-TargetListv2

This attribute stores the DFS target information. The information is stored as an XML document that contains a list of targets for the link as well as attributes associated with each target. The maximum size is 2 MB. For the XML schema of the XML document, see Appendix C.

msDFS-Propertiesv2

This is a multivalued attribute that contains attributes corresponding to the DFS link (not individual targets). Each attribute is a case-insensitive String(Unicode) (see [MS-ADTS] section 3.1.1.2.2.2).

msDFS-Commentv2

An optional attribute that contains a comment associated with the DFS link. A String(Unicode) (see [MS-ADTS] section 3.1.1.2.2.2).

Attribute values for msDFS-Propertiesv2 are described in the following table. A server MUST ignore unrecognized attribute values when reading the metadata. A server SHOULD<23> preserve unrecognized attribute values when writing the metadata. Note that they are fixed strings. While they have a more general appearance, a string comparison is sufficient to analyze them. The absence of an attribute value in the msDFS-Propertiesv2 attribute indicates that the corresponding property is not set.

For domainv2-based DFS links, the msDFS-Propertiesv2 attribute parallels the functionality of the DFSRootOrLinkIDBLOB (section 2.3.3.1.1.2) Type field used for domainv1-based DFS links.

Attribute Value

Description

InsiteReferral=on

The DFS in-site referral mode property. When set, instructs the DFS server to enable the DFS in-site referral mode.

ReferralSiteCosting=on

The DFS referral site costing property. Enables DFS referral site costing. This SHOULD be supported.<24>

TargetFailback=on

The DFS client target failback property. This enables DFS client target failback for targets of this link. This SHOULD be supported.<25>

Interlink=on

The DFS interlink property. This MUST be set only when at least one DFS link target points to another domain-based DFS namespace.

State=Okay

OR

State=Offline

OR

State=Online

The state of the DFS link.

"State=Okay" means that the DFS link is available for referral requests.

"State=Offline" means that the DFS link is offline and none of the DFS targets will be included in the referral response.

"State=Online" means that the DFS link is online and available for referral requests.

The following attributes are mandatory: msDFS-NamespaceIdentityGUIDv2, msDFS-LinkIdentityGUIDv2, msDFS-GenerationGUIDv2, msDFS-LinkPathv2, msDFS-LastModifiedv2, msDFS-Ttlv2, msDFS-TargetListv2, and msDFS-Propertiesv2.

The following attributes are optional: msDFS-ShortNameLinkPathv2, msDFS-LinkSecurityDescriptorv2, and msDFS-Commentv2.

The object class of the LDAP entry corresponding to a DFS link in a domainv2-based DFS namespace is msDFS-Linkv2, and its schema is specified in [MS-ADSC].
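The following is an added example, not part of the specification: a sketch of how a reader of this entry could apply the rules above (fixed-string property matching that ignores unrecognized values, the signed-to-unsigned TTL interpretation, the msDFS-LastModifiedv2 time form, and the forward-slash link path). The function name, the result keys, the dictionary shape of the entry, the case-folded comparison, and every sample value are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Fixed strings from the msDFS-Propertiesv2 table, lowercased for comparison
# (case-folding is an assumption based on the case-insensitive syntax).
FLAGS = {"insitereferral=on": "insite_referral",
         "referralsitecosting=on": "referral_site_costing",
         "targetfailback=on": "target_failback",
         "interlink=on": "interlink"}
STATES = {"state=okay": "Okay", "state=offline": "Offline", "state=online": "Online"}
MANDATORY = ("msDFS-NamespaceIdentityGUIDv2", "msDFS-LinkIdentityGUIDv2",
             "msDFS-GenerationGUIDv2", "msDFS-LinkPathv2", "msDFS-LastModifiedv2",
             "msDFS-Ttlv2", "msDFS-TargetListv2", "msDFS-Propertiesv2")

def interpret_link_entry(entry):
    """entry maps attribute name -> list of values (assumed, already decoded)."""
    missing = [a for a in MANDATORY if not entry.get(a)]
    if missing:
        raise ValueError("missing mandatory attributes: " + ", ".join(missing))
    result = {name: False for name in FLAGS.values()}
    result.update(state=None, unrecognized=[])
    for value in entry["msDFS-Propertiesv2"]:
        key = value.lower()
        if key in FLAGS:
            result[FLAGS[key]] = True
        elif key in STATES:
            result["state"] = STATES[key]
        else:
            # Ignored when reading; kept so a writer can preserve it.
            result["unrecognized"].append(value)
    # Stored as a signed 32-bit integer, interpreted as unsigned seconds.
    result["ttl_seconds"] = int(entry["msDFS-Ttlv2"][0]) & 0xFFFFFFFF
    result["last_modified"] = datetime.strptime(
        entry["msDFS-LastModifiedv2"][0], "%Y%m%d%H%M%S.0Z").replace(tzinfo=timezone.utc)
    # The LDAP form uses "/" separators; the DFS path uses "\".
    result["link_path"] = entry["msDFS-LinkPathv2"][0].replace("/", "\\")
    return result

# Constructed sample entry (all values, including GUID sizes, are invented).
SAMPLE = {
    "msDFS-NamespaceIdentityGUIDv2": [bytes(16)],
    "msDFS-LinkIdentityGUIDv2": [bytes(range(16))],
    "msDFS-GenerationGUIDv2": [bytes(16)],
    "msDFS-LinkPathv2": ["/projects/build"],
    "msDFS-LastModifiedv2": ["20240115103000.0Z"],
    "msDFS-Ttlv2": ["-1"],
    "msDFS-TargetListv2": ["<placeholder/>"],
    "msDFS-Propertiesv2": ["State=Offline", "TargetFailback=on", "FutureFlag=on"],
}
```

A stored TTL of -1 reads back as 4294967295 seconds, which is why a consumer that treats the value as signed will misjudge referral lifetimes.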