3.3.4.3 GetADPrincipalAuthorizationGroup
A server processes a GetADPrincipalAuthorizationGroup request using the Active Directory Web Services: Custom Action Protocol upon receiving a SOAP message that contains the GetADPrincipalAuthorizationGroupRequest_Headers header and that specifies the following URI as the SOAP action:
http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADPrincipalAuthorizationGroup
This operation is specified by the following WSDL.
-
<wsdl:operation name="GetADPrincipalAuthorizationGroup"> <wsdl:input wsam:Action= "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADPrincipalAuthorizationGroup" name="GetADPrincipalAuthorizationGroupRequest" message="ca:GetADPrincipalAuthorizationGroupRequest" /> <wsdl:output wsam:Action= "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADPrincipalAuthorizationGroupResponse" name="GetADPrincipalAuthorizationGroupResponse" message="ca:GetADPrincipalAuthorizationGroupResponse" /> <wsdl:fault wsam:Action="http://schemas.microsoft.com/2008/1/ActiveDirectory/Data/fault" name="GetADPrincipalAuthorizationGroupFault" message= "ca:AccountManagement_GetADPrincipalAuthorizationGroup_GetADPrincipalAuthorizationGroupFault_FaultMessage" /> </wsdl:operation>
The GetADPrincipalAuthorizationGroup custom action retrieves information for all security-enabled groups that contain, as a member, the authenticable principal specified in GetADPrincipalAuthorizationGroupRequest/PrincipalDN (section 3.3.4.3.2.4) in the NC specified in GetADPrincipalAuthorizationGroupRequest/PartitionDN (section 3.3.4.3.2.3).
For each security-enabled group in which the specified authenticable principal is a member, the GetADPrincipalAuthorizationGroup operation constructs an ActiveDirectoryGroup object (section 2.2.3.3) with all the elements populated and adds it to the GetADPrincipalAuthorizationGroupResponse/MemberOf (section 3.3.4.3.2.6) element. Upon success, the GetADPrincipalAuthorizationGroupResponse element is returned. If an authenticable principal is not a member of any security-enabled groups, then the server returns a GetADPrincipalAuthorizationGroupResponse with an empty MemberOf element.
Groups are returned without respect to the context supplied in GetADPrincipalAuthorizationGroupRequest/PartitionDN (section 3.3.4.3.2.3).
Note Returned groups include the primary group of the authenticable principal specified in GetADPrincipalAuthorizationGroupRequest/PrincipalDN.
If an error occurs while processing this operation, the server MUST return the appropriate SOAP fault for the particular error condition as specified in section 3.3.4.3.8.