Edit

Share via


RootDSE (AD Schema)

In LDAP 3.0, rootDSE is defined as the root of the directory data tree on a directory server. The rootDSE is not part of any namespace. The purpose of the rootDSE is to provide data about the directory server. For more information about rootDSE, see Serverless Binding and RootDSE in the Active Directory SDK documentation.

rootDSE contains the following attributes. All attributes are single-valued unless otherwise noted.

Attribute Syntax Description
configurationNamingContext
String(Teletex)
Contains the distinguished name for the configuration container.
currentTime
String(Teletex)
Contains the current time set on this directory server in Coordinated Universal Time format.
defaultNamingContext
String(Teletex)
Contains the distinguished name for the domain of which this directory server is a member.
dnsHostName
String(Teletex)
Contains the DNS address for this directory server.
domainControllerFunctionality
String(Teletex)
Indicates the functional level of the domain controller. This can be one of the following values.
"0" - Windows 2000 Mode
"2" - Windows Server 2003 Mode
"3" - Windows Server 2008 Mode
domainFunctionality
String(Teletex)
Indicates the functional level of the domain. This can be one of the following values.
"0" - Windows 2000 Domain Mode
"1" - Windows Server 2003 Interim Domain Mode
"2" - Windows Server 2003 Domain Mode
"3" - Windows Server 2008 Domain Mode
"4" - Windows Server 2008 R2 Domain Mode
dsServiceName
String(Teletex)
Contains the distinguished name of the NTDS settings object for this directory server.
forestFunctionality
String(Teletex)
Indicates the functional level of the forest. This can be one of the following values.
"0" - Windows 2000 Forest Mode
"1" - Windows Server 2003 Interim Forest Mode
"2" - Windows Server 2003 Forest Mode
"3" - Windows Server 2008 Forest Mode
"4" - Windows Server 2008 R2 Forest Mode
highestCommittedUSN
String(Teletex)
Contains the highest update sequence number (USN) on this directory server. Used by directory replication.
isGlobalCatalogReady
String(Teletex)
Indicates if the global catalog is fully operational. Contains either "TRUE" or "FALSE".
isSynchronized
String(Teletex)
Indicates if the directory server is fully synchronized. Contains either "TRUE" or "FALSE".
ldapServiceName
String(Teletex)
Contains the Service Principal Name (SPN) for the LDAP server. Used for mutual authentication.
namingContexts
String(Teletex)
A multiple-valued attribute that contains the distinguished names for all naming contexts stored on this directory server. By default, a Windows 2000 domain controller contains at least three naming contexts: Schema, Configuration, and one for the domain of which the server is a member.
rootDomainNamingContext
String(Teletex)
Contains the distinguished name for the first domain in the forest that contains the domain of which this directory server is a member.
schemaNamingContext
String(Teletex)
Contains the distinguished name for the schema container.
serverName
String(Teletex)
Contains the distinguished name for the server object for this directory server in the configuration container.
subschemaSubentry
String(Teletex)
Contains the distinguished name for the subSchema object. The subSchema object contains properties that expose the supported attributes (in the attributeTypes property) and classes (in the objectClasses property).
The subschemaSubentry property and subschema are defined in LDAP 3.0 (see RFC 2251).
supportedCapabilities
String(Teletex)
A multiple-valued attribute that contains the capabilities supported by this directory server.
supportedControl
String(Teletex)
A multiple-valued attribute that contains the OIDs for extension controls supported by this directory server. See the table below for a list of the possible control OIDs.
supportedLDAPPolicies
String(Teletex)
A multiple-valued attribute that contains the names of the supported LDAP management policies.
supportedLDAPVersion
String(Teletex)
A multiple-valued attribute that contains the LDAP versions (specified by major version number) supported by this directory server.
supportedSASLMechanisms
String(Teletex)
Contains the security mechanisms supported for SASL negotiation (see LDAP RFCs). By default, GSSAPI is supported.

Active Directory supports the following control OIDs in the supportedControl attribute. For more information, see LDAPControl and ldap_search_init_page.

Control OID String constant
1.2.840.113556.1.4.319
LDAP_PAGED_RESULT_OID_STRING
1.2.840.113556.1.4.473
LDAP_SERVER_SORT_OID
1.2.840.113556.1.4.474
LDAP_SERVER_RESP_SORT_OID
1.2.840.113556.1.4.801
LDAP_SERVER_SD_FLAGS_OID
1.2.840.113556.1.4.528
LDAP_SERVER_NOTIFICATION_OID
1.2.840.113556.1.4.417
LDAP_SERVER_SHOW_DELETED_OID
1.2.840.113556.1.4.619
LDAP_SERVER_LAZY_COMMIT_OID
1.2.840.113556.1.4.841
LDAP_SERVER_DIRSYNC_OID
1.2.840.113556.1.4.529
LDAP_SERVER_EXTENDED_DN_OID
1.2.840.113556.1.4.805
LDAP_SERVER_TREE_DELETE_OID
1.2.840.113556.1.4.521
LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID
1.2.840.113556.1.4.1338
LDAP_SERVER_VERIFY_NAME_OID
1.2.840.113556.1.4.1339
LDAP_SERVER_DOMAIN_SCOPE_OID
1.2.840.113556.1.4.1340
LDAP_SERVER_SEARCH_OPTIONS_OID
1.2.840.113556.1.4.1413
LDAP_SERVER_PERMISSIVE_MODIFY_OID