4.1 Product Behavior

<1> Section 1: AD DS uses the operations described in [MS-NRPC] section 3.6 only to maintain the change log that Windows NT 4.0 operating system backup domain controller (BDC) replication uses.

<2> Section 2.4: This feature is implemented on Windows Server 2012 operating system and later.

<3> Section 2.5.1: [RFC2136] allows dynamic update responses to be formed in either of the following two ways:

  1. Respond with the ZOCOUNT, PRCOUNT, UPCOUNT, and ADCOUNT fields and corresponding sections that are copied from the request.

  2. Respond with the ZOCOUNT, PRCOUNT, UPCOUNT, and ADCOUNT fields set to 0 and without copying the corresponding sections from the request.

The Windows DNS server in Windows NT operating system, Windows 2000 Server operating system, and later uses Method 1 when formatting dynamic update responses. The Windows DNS client in Windows 2000 operating system, Windows XP operating system, Windows Server 2003 operating system, Windows Vista operating system, and Windows Server 2008 operating system expects Method 1 when parsing dynamic update responses and might log an error when parsing dynamic update responses that use Method 2. The Windows DNS client in Windows 7 operating system and later and in Windows Server 2008 R2 operating system and later accepts either method of formatting dynamic update responses.
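The following added example (not part of the specification and not Windows code) shows how a client-side parser can tell the two [RFC2136] response forms apart and accept either one. All function names, the zone, the host name, and the address are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
OPCODE_UPDATE = 5                  # RFC 2136 opcode
QR_RESPONSE = 0x8000               # QR bit set in responses


def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def build_update_request(msg_id, zone, host, ipv4):
    """Constructed sample: one zone entry plus one A record in the update section."""
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)   # type SOA, class IN
    update_rr = (encode_name(host)
                 + struct.pack("!HHIH", 1, 1, 3600, 4)            # A, IN, TTL, RDLENGTH
                 + bytes(ipv4))
    return HEADER.pack(msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0) + zone_section + update_rr


def build_response(request, method, rcode=0):
    """Form a response the way a Method 1 or Method 2 server would (hypothetical helper)."""
    msg_id, flags, *counts = HEADER.unpack_from(request)
    flags = QR_RESPONSE | (flags & 0x7800) | rcode                # keep opcode bits 11-14
    if method == 1:
        return HEADER.pack(msg_id, flags, *counts) + request[HEADER.size:]
    return HEADER.pack(msg_id, flags, 0, 0, 0, 0)


def classify_update_response(request, response):
    """Return (method, rcode); raise ValueError if the response fits neither form."""
    if len(response) < HEADER.size:
        raise ValueError("truncated header")
    req_id, _, *req_counts = HEADER.unpack_from(request)
    msg_id, flags, *counts = HEADER.unpack_from(response)
    if msg_id != req_id or not flags & QR_RESPONSE or (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not a response to this UPDATE request")
    body = response[HEADER.size:]
    if counts == req_counts and body == request[HEADER.size:]:
        return 1, flags & 0xF     # Method 1: counts and sections copied from the request
    if counts == [0, 0, 0, 0] and not body:
        return 2, flags & 0xF     # Method 2: counts zeroed, no sections
    raise ValueError("counts or sections match neither Method 1 nor Method 2")
```

A parser that only implements the first branch treats every Method 2 response as malformed, which is the interoperability problem this note describes for the older clients.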

<4> Section 2.8: Web Services support is included in Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) for Windows Server 2008 R2 and later. Web Services support for AD DS and AD LDS is also available as a separate installable package (namely, Active Directory Management Gateway Service) for the following operating systems: Windows Server 2003 operating system with Service Pack 2 (SP2), Windows Server 2003 R2 operating system SP2, and Windows Server 2008.

<5> Section 2.11.2: The Microsoft implementation of Active Directory Web Services permits administrators to configure settings that are used to limit the amount of server resources that can be consumed in processing a request. Examples of such settings are included below for illustrative purposes. Implementations are free to implement some, all, or none of these settings, and to implement other settings of their own devising.

Common to implementations of WS-Transfer, WS-Enumeration, and ADCAP:

  • Maximum size of a SOAP request message that the directory service accepts.

  • Maximum level of nested XML elements in the SOAP request message that the directory service accepts.

  • Maximum length of strings and maximum number of elements in arrays in the SOAP request message that the directory service accepts.

  • Maximum number of concurrent requests that the directory service processes at one time.

  • Maximum number of concurrent requests from one user that the directory service processes at one time.

  • Length of time the directory service waits when it performs an operation before the operation is timed out.

Specific to implementations of WS-Enumeration:

  • Maximum total number of enumeration contexts that can exist at one time.

  • Length of time an enumeration context can be left idle by a client before the directory service automatically releases it.

  • Length of time an enumeration context can be kept open (whether idle or in use) by a client before the directory service automatically releases it.

  • Maximum expiration time the directory service permits a client to specify in an Enumerate or Renew request (via the Expires element).

  • Maximum amount of time the directory service permits a client to specify in a Pull request (via the MaxTime element).

  • Maximum number of elements the directory service permits a client to specify in a Pull request (via the MaxElements element).

<6> Section 3.1.1: A workstation that logs on to a Windows 2000 domain queries DNS for SRV records in the general form:

 _service._protocol.DnsDomainName

<7> Section 3.2.18: Windows uses the highest version of the operation first; that is, LsarOpenPolicy2 is preferred over LsarOpenPolicy.

<8> Section 3.2.18: Windows uses the highest version of the operation first; that is, LsarLookupSids2 is preferred over LsarLookupSids.

<9> Section 3.2.18: Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 operating system, and Windows Server 2012, when operating as LSA clients, send an additional LsarLookupNames request to retrieve the currently logged on user, and the server responds with a LsarLookupNames response.