22.214.171.124 Modify a Directory Object - Client Application
A common activity for an administrator is to modify objects. Timely updates on these directory objects ensure that the data in the system is current, which enables the Active Directory system to function correctly. To achieve this, the administrator launches the client application to interact with the Active Directory system. The client application establishes a connection to the Active Directory system. The administrator uses the client application to modify an existing directory object.
Modify a directory object in the Active Directory system.
Context of Use
An administrator wants to modify attributes of existing directory objects.
Figure 9: Use case diagram for modifying a directory object
Windows Authentication Services
Windows Authentication Services [MS-AUTHSOD] is the supporting actor that authenticates the administrator's identity. This is done so that access control decisions can be made by the Active Directory system.
The directory server is the supporting actor that receives the modification request and modifies the directory object.
The administrator initiates operations such as create, search, modify, and delete on the application directory object. The administrator primarily wants to receive information that the operations are successfully completed or receive an error message if they failed.
The directory is the entity that contains the object that is being modified.
The system-wide preconditions, as described in section 2.6, are satisfied. The Active Directory system completes initialization, as described in section 2.6.
The client application has access to a directory server to which it can establish a connection, if it is not already connected, and send the request.
The directory object to be modified exists in the Active Directory system.
Main Success Scenario
Trigger: To initiate the modify operation, the administrator provides the name of the directory object to modify as input to the client application, along with credentials. The information provided by the administrator includes the attribute(s) being modified on the object and the list of modifications to be made to those attributes.
The client application establishes a connection to the directory server. Windows Authentication Services authenticates the client application using the supplied credentials ([MS-AUTHSOD] section 2).
The client application sends a modify request to the directory server to make the appropriate modifications on the directory object.
The directory server modifies the object, as specified by the client application, and makes any additional modifications that are mandated by the server's processing rules and constraints ([MS-ADTS] sections 126.96.36.199.1, 188.8.131.52.3, and 184.108.40.206.4).
The directory server sends a response to the client application that the modifications were successfully completed.
The directory object is modified.
There are multiple failure scenarios when the administrator modifies a directory object in the Active Directory system. The operation has to be validated against the server's processing rules and constraints, as described in [MS-ADTS] sections 220.127.116.11.1 and 18.104.22.168.3.