Domain Services Interaction Server Protocols Scenario

Protocols used to enable member servers of Windows domains to securely provide pass-through authentication to Windows clients and servers seeking to access a service or application (such as a file server).

Specification

Description

[MS-ADA1]: Active Directory Schema Attributes A-L

Specifies the Active Directory Schema Attributes A-L, which contains a partial list of the objects that exist in the Active Directory schema (attributes beginning with the letters A through L).

[MS-ADA2]: Active Directory Schema Attributes M

Specifies the Active Directory Schema Attributes M, which contains a partial list of the objects that exist in the Active Directory schema (attributes beginning with the letter M).

[MS-ADA3]: Active Directory Schema Attributes N-Z

Specifies the Active Directory Schema Attributes N-Z, which contains a partial list of the objects that exist in the Active Directory schema (attributes beginning with the letters N through Z).

[MS-ADCAP]: Active Directory Web Services: Custom Action Protocol Specification

Specifies the Active Directory Web Services: Custom Action Protocol, used for directory access in identity management and topology management. This protocol enables the transition of client applications that are currently using non–Web services protocols for managing information held in directory services to instead use Web services protocols.

[MS-ADDM]: Active Directory Web Services: Data Model and Common Elements

Specifies the Active Directory Web Services: Data Model and Common Elements. This protocol contains an XML data model and other protocol components (such as the definition of an XPath 1.0–derived selection language) that are used in various protocols that belong to the set of Active Directory Web Services protocols.

[MS-ADFSPP]: Active Directory Federation Service (AD FS) Proxy Protocol

Specifies the Federation Service Proxy Protocol, which is used by a security token service (STS) proxy to obtain configuration data about an STS in order to assist users in selecting an acceptable security realm from which to obtain a security token.

[MS-ADFSWAP]: Active Directory Federation Service (AD FS) Web Agent Protocol

Specifies the Federation Service Web Agent Protocol, which is used by a Web service (WS) resource to obtain configuration data about a security token service (STS) in order to validate tokens from that STS using the protocol defined in [MS-MWBF].

[MS-ADLS]: Active Directory Lightweight Directory Services Schema

Specifies the Active Directory Lightweight Directory Services Schema, which contains a list of the objects that exist in the Active Directory Lightweight Directory Services schema.

[MS-ADSC]: Active Directory Schema Classes

Specifies the Active Directory Schema Classes, which contains a partial list of objects that exist in the Active Directory schema.

[MS-ADTS]: Active Directory Technical Specification

Specifies the Active Directory Technical protocol. This protocol describes the state model for Active Directory.

[MS-APDS]: Authentication Protocol Domain Support Specification

Specifies Authentication Protocol Domain Support, which is the communication process between a server and a domain controller that uses Netlogon interfaces to complete an authentication sequence.

[MS-BKRP]: BackupKey Remote Protocol Specification

Specifies how to encrypt secret values (such as cryptographic keys), so they can be backed up to storage that is not specially protected, and how to decrypt such values in the event recovery is necessary.

[MS-DSML]: Directory Services Markup Language (DSML) 2.0 Protocol Extensions

Specifies the Directory Services Markup Language (DSML) 2.0 Protocol Extensions. The SOAP session extensions (SSE) make it possible to maintain state information across multiple request/response operations.

[MS-KILE]: Kerberos Protocol Extensions

Specifies the Microsoft implementation of the Kerberos Protocol Extensions, as specified in [RFC4120], by specifying any Windows behaviors that differ from the Kerberos Protocol, in addition to Windows extensions for interactive logon and the inclusion of authorization information expressed as group memberships and related information.

[MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol Specification

Specifies the Local Security Authority (Domain Policy) Remote Protocol. It provides an RPC interface used for providing remote management for policy settings related to account objects, secret objects, trusted domain objects (TDOs), and other security-related policy settings.

[MS-LSAT]: Local Security Authority (Translation Methods) Remote Protocol Specification

Specifies the Local Security Authority (Translation Methods) Remote Protocol, which is implemented in Windows-based products to translate identifiers for security principals between human-readable and machine-readable forms.

[MS-NNS]: .NET NegotiateStream Protocol Specification

Specifies the .NET NegotiateStream Protocol, which provides mutually authenticated and confidential communication over a TCP connection. It uses the Simple and Protected GSS-API Negotiation mechanism (SPNEGO) for security services (authentication, key derivation, and data encryption and decryption).

[MS-NRPC]: Netlogon Remote Protocol Specification

Specifies the Netlogon Remote Protocol, a Microsoft-defined RPC interface that is used for user and machine authentication on domain-based networks; to replicate the user account database for operating systems earlier than Windows 2000 backup domain controllers; to maintain domain relationships from the members of a domain to the domain controller, among domain controllers for a domain, and between domain controllers across domains; and to discover and manage these relationships.

[MS-PAC]: Privilege Attribute Certificate Data Structure

Specifies the Privilege Attribute Certificate Data Structure, which is used to encode authorization information. The Privilege Attribute Certificate also contains memberships, additional credential information, profile and policy information, and supporting security metadata.

[MS-PKCA]: Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol Specification

Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol, which enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

[MS-RCMP]: Remote Certificate Mapping Protocol Specification

Specifies the Remote Certificate Mapping Protocol, which enables servers to use a directory, database, or other technology to map the user's X.509 certificate to a security principal.

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol Specification (Client-to-Server)

Specifies the Security Account Manager (SAM) Remote Protocol Specification (Client-to-Server), which supports printing and spooling operations that are synchronous between client and server.

[MS-SAMS]: Security Account Manager (SAM) Remote Protocol Specification (Server-to-Server)

Specifies the Security Account Manager (SAM) Remote Protocol Specification (Server-to-Server). Domain controllers (DCs) use this protocol to forward time-critical database changes to the primary domain controller (PDC), and to forward time-critical database changes from a read-only domain controller (RODC) to a writable NC replica within the same domain outside the normal replication protocol.

[MS-WCCE]: Windows Client Certificate Enrollment Protocol Specification

Specifies a Microsoft protocol that consists of a set of DCOM interfaces that allow clients to request various services from a certification authority (CA). These services enable X.509 (as specified in [X509]) digital certificate enrollment, issuance, revocation, and property retrieval.

[MS-WCFESAN]: WCF-Based Encrypted Server Administration and Notification Protocol Specification

Specifies the WCF-Based Encrypted Server Administration and Notification Protocol, which enables the protocol client to monitor and manage the protocol server in the same network.

[MS-WKST]: Workstation Service Remote Protocol Specification

Specifies the WS-Enumeration Directory Services Protocol Extensions, a set of extensions to the Web Services Enumeration (WS-Enumeration) [WSENUM] protocol for facilitating SOAP-based search operations against directory servers.

[MS-WSDS]: WS-Enumeration: Directory Services Protocol Extensions

Specifies the WS-Enumeration Directory Services Protocol Extensions, a set of extensions to the Web Services Enumeration (WS-Enumeration) [WSENUM] protocol for facilitating SOAP-based search operations against directory servers.

[MS-WSPELD]: WS-Transfer and WS-Enumeration Protocol Extension for Lightweight Directory Access Protocol v3 Controls Specification

Specifies the WS-Transfer: Lightweight Directory Access Protocol (LDAP) v3 Controls, also known as WSPELD. This protocol extends the Web Services Enumeration (WS-Enumeration) [WSENUM] and Web Services Transfer (WS-Transfer) [WXFR] protocols.

[MS-WSTIM]: WS-Transfer: Identity Management Operations for Directory Access Extensions

Specifies the WS-Transfer: Identity Management Operations for Directory Access Extensions, a set of extensions to the WS-Transfer protocol [WXFR] for representing the protocol operations commonly used for directory access in identity management protocols.