Publishing with Service Connection Points
The Active Directory Schema defines a serviceConnectionPoint (SCP) object class to make it easy for a service to publish service-specific data in the directory. Clients of the service use the data in an SCP to locate, connect to, and authenticate an instance of your service.
This section provides an overview of service connection points and code examples that show how a client/service application uses SCPs.
The code examples follow these steps to implement service publication with SCPs.
For more information and a code example that performs these steps, see Creating a Service Connection Point.
To create SCPs in the directory at service installation
- Bind to the computer object for the host computer on which the service instance is installed.
- Create an SCP object as a child of the computer object, specifying the initial values for the attributes of the SCP.
- Set access control entries (ACEs) in the security descriptor of the SCP object to enable the service to modify SCP properties at run time.
- Cache the objectGUID of the SCP in the registry on the service's host computer.
For more information and a code example that performs these steps, see Updating a Service Connection Point.
To update the SCP attributes at service startup
- Retrieve the objectGUID from the registry and use it to bind to the SCP.
- Retrieve attributes, such as serviceDNSName and serviceBindingInformation, from the SCP. Compare these values to the current values and update the SCP if necessary.
For more information and a code example that performs these steps, see How Clients Find and Use a Service Connection Point.
To find and use an SCP from a client application
- Bind to the Global Catalog and search for objects with a keywords attribute that matches the service's product GUID. Each object found is an instance of the service. Select an instance and retrieve the distinguished name of the SCP.
- Use the distinguished name to bind to the SCP.
- Retrieve the values of various attributes from the SCP, such as serviceDNSName and serviceBindingInformation. Use these values to connect to and authenticate the service instance.
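The client-side lookup in the last procedure, as an added PowerShell example that is not code from the original page. It uses System.DirectoryServices on a domain-joined host; the function names and the all-zero product GUID are assumptions made for illustration.

```powershell
# Added example, not Microsoft's sample code. Assumes a domain-joined Windows host.
# $ProductGuid is a constructed placeholder for the GUID the installer stored in keywords.
$ProductGuid = '00000000-0000-0000-0000-000000000000'

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape RFC 4515 special characters so the value cannot change the filter's structure.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Find-ServiceInstance {
    param([Parameter(Mandatory)][string]$Keyword)

    # Step 1: bind to the Global Catalog and search on the keywords attribute.
    $forestRoot = ([ADSI]'LDAP://RootDSE').Properties['rootDomainNamingContext'].Value
    $gc = New-Object System.DirectoryServices.DirectoryEntry("GC://$forestRoot")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($gc)
    $searcher.Filter = '(&(objectClass=serviceConnectionPoint)(keywords={0}))' -f
        (ConvertTo-LdapFilterValue $Keyword)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $results = $searcher.FindAll()
    try {
        foreach ($hit in $results) {
            $dn = [string]$hit.Properties['distinguishedname'][0]

            # Step 2: bind to the SCP by distinguished name.
            # A "/" inside a DN must be escaped in an ADsPath.
            $scp = New-Object System.DirectoryServices.DirectoryEntry(
                'LDAP://' + $dn.Replace('/', '\/'))

            # Step 3: read the attributes the client needs to connect.
            [pscustomobject]@{
                DistinguishedName  = $dn
                ServiceDnsName     = [string]$scp.Properties['serviceDNSName'].Value
                BindingInformation = @($scp.Properties['serviceBindingInformation'])
            }
            $scp.Dispose()
        }
    }
    finally {
        $results.Dispose()
        $gc.Dispose()
    }
}

# Each returned object is one published instance of the service.
Find-ServiceInstance -Keyword $ProductGuid
```

The returned serviceDNSName and serviceBindingInformation values are directory-supplied input, so the client should validate them before connecting and authenticating.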
For more information about what roles can create and update an SCP, see Security Issues for Service Publication.
For more information about where to create an SCP, see Where to Create a Service Connection Point.
For more information about the kind of data to store in an SCP, see Service Connection Point Properties.
For more information about how a service installer and the service work together to maintain current data in an SCP, see Creating and Maintaining a Service Connection Point.