3.2 Directory Examples
This section contains a set of examples that describe common uses of the Active Directory system. The following examples are given:
Provision a user account by using the SAMR protocol.
Change a user account's password.
Update a user's lastLogOnTimeStamp.
Determine the group membership of a user.
Delete a user account.
Obtain a list of user accounts by using the Web Services protocols.
Obtain a list of user accounts by using LDAP.
Manage groups and their memberships.
Delete a group.
Extend the schema to support an application by adding a new class.
Extend the schema to support an application by adding a new attribute.
Extend the schema to support an application by adding an attribute to a class.
Partition directory data by using organizational units.
Store application data in the directory.
Manage access control on directory objects.
Raise the domain functional level.
A key aspect of these examples is that multiple protocols, such as LDAP and SAMR, can be used to affect the same state change, such as provisioning a user. After that state change is complete, any protocol that provides access to that state (not just the protocol that originally created the state) can be used to further modify that state. For example, the user that was created by using the SAMR protocol can have his or her password changed by using LDAP, or can be queried by using the Web Services protocols.