3.1.4.1.3 Creating or Updating a Server Configuration Object

As specified in section 1.5, a Server Configuration object MUST be present in the Active Directory database for successful operation of this protocol. Server implementations MUST use the parameters configured in this object when creating a new root key, as specified in section 3.1.4.1.1. The procedure in this section specifies how to create or update a Server Configuration object in Active Directory.

  1. Locate the DC, as specified in [MS-NRPC] section 3.5.4.3.1.

  2. To create a new Server Configuration object, create it in Active Directory under the Configuration Naming Context with the msKds-ProvServerConfiguration class (section 2.3) at the location specified in section 1.9, by using the procedure specified in [MS-ADTS] section 3.1.1.5.2.

  3. Populate the Server Configuration object attributes with the values for the parameters specified in the following table and then close the Active Directory connection.

    Note  All values in this table are optional, with the exception of the required value for the msKds-Version parameter. If the optional values are omitted, the server will behave as specified in section 3.1.4.1.2.

    | Parameter name | Values | Data type |
    | --- | --- | --- |
    | msKds-Version | 1 | 32-bit unsigned integer |
    | msKds-KDF-AlgorithmID | "SP800_108_CTR_HMAC" | Unicode string |
    | msKds-KDF-Param | KDF parameters | Section 2.2.1 structure |
    | msKds-SecretAgreement-AlgorithmID | "DH", "ECDH_P256", "ECDH_P384", or "ECDH_P521" | Unicode string |
    | msKds-SecretAgreement-Param | FFC DH parameters | Section 2.2.2 structure |
    | msKds-PublicKey-Length | Defined by algorithm in use | 32-bit unsigned integer |
    | msKds-PrivateKey-Length | Defined by algorithm in use | 32-bit unsigned integer |

  • To update an existing Server Configuration object, locate the object in Active Directory according to its DN and specify the modifications to be performed by using the procedure specified in [MS-ADTS] section 3.1.1.5.3.

    Refer to the data in the table of this section when updating the attributes of the Server Configuration object and close the Active Directory connection when complete.

    Note  Active Directory schema information for the Server Configuration object is specified in [MS-ADSC] section 2.160.
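As an added example (not part of the specification and not Microsoft's code), the following Python audits an exported Server Configuration object against the parameter table above: it flags a missing or unexpected msKds-Version, values outside the 32-bit unsigned range, and algorithm identifiers outside the permitted sets, and lists the omitted optional attributes for which the server falls back to section 3.1.4.1.2. The LDIF text is a constructed sample with a placeholder DN, and the two section 2.2.x binary structures are only checked for presence, not decoded.

```python
# Parameter table from section 3.1.4.1.3, encoded as check data.
UINT32_MAX = 0xFFFFFFFF
ALLOWED_KDF = {"SP800_108_CTR_HMAC"}
ALLOWED_SECRET_AGREEMENT = {"DH", "ECDH_P256", "ECDH_P384", "ECDH_P521"}
UINT32_ATTRS = ("msKds-Version", "msKds-PublicKey-Length", "msKds-PrivateKey-Length")
OPTIONAL_ATTRS = ("msKds-KDF-AlgorithmID", "msKds-KDF-Param",
                  "msKds-SecretAgreement-AlgorithmID", "msKds-SecretAgreement-Param",
                  "msKds-PublicKey-Length", "msKds-PrivateKey-Length")

# Constructed sample (not a real export): an LDIF-style dump of a Server
# Configuration object. The DN is a placeholder, not the location from section 1.9.
SAMPLE_LDIF = """\
dn: CN=<server-config-object>,CN=Configuration,DC=example,DC=test
objectClass: msKds-ProvServerConfiguration
msKds-Version: 1
msKds-KDF-AlgorithmID: SP800_108_CTR_HMAC
msKds-SecretAgreement-AlgorithmID: ECDH_P999
msKds-PublicKey-Length: 2048
msKds-PrivateKey-Length: 5000000000
"""


def parse_ldif(text):
    """Minimal single-entry LDIF parser: attribute name -> list of string values."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        # "attr:: base64" (binary attributes) and "attr: text" both reduce to the value
        attrs.setdefault(name.strip(), []).append(value.lstrip(": "))
    return attrs


def audit_server_config(attrs):
    """Check one object against the table; returns (problems, omitted optional attrs)."""
    problems = []
    if "msKds-Version" not in attrs:
        problems.append("msKds-Version: required attribute missing")
    elif attrs["msKds-Version"] != ["1"]:
        problems.append(f"msKds-Version: expected 1, got {attrs['msKds-Version']}")
    for name in UINT32_ATTRS:
        for raw in attrs.get(name, []):
            if not raw.isdigit() or int(raw) > UINT32_MAX:
                problems.append(f"{name}: {raw!r} is not a 32-bit unsigned integer")
    for name, allowed in (("msKds-KDF-AlgorithmID", ALLOWED_KDF),
                          ("msKds-SecretAgreement-AlgorithmID", ALLOWED_SECRET_AGREEMENT)):
        for raw in attrs.get(name, []):
            if raw not in allowed:
                problems.append(f"{name}: {raw!r} not one of {sorted(allowed)}")
    omitted = [name for name in OPTIONAL_ATTRS if name not in attrs]
    return problems, omitted
```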