2.3 Protocol Relationships

Figure 3: Active Directory protocol grouping

As shown in the preceding diagram, the member protocols that make up the Active Directory Services Protocol Groups can be divided into five functional groups. Each group accomplishes an interrelated set of tasks. A client typically uses protocols in the same group in conjunction with each other. The groups are as follows:

  • The core group contains protocols that are supported by all directory servers in the Active Directory system, whether they run in AD DS or AD LDS mode. This group includes LDAP, which is the primary protocol that is used to read and write objects in the directory tree. The [MS-DSSP] (DSSP) protocol does not perform operations against the directory tree, but is included in this group because it is also present on all directory servers in the Active Directory Services Protocols.

  • The SAM group includes SAMR and SAMS. SAMR is used to perform account maintenance and operates on the same directory tree as the core group of protocols, but it provides access to only a subset of the objects in that tree, and further, provides access to only a subset of the attributes on those objects. SAMR is supported only when operating in AD DS mode. SAMS is used to perform account maintenance and time-critical database changes between Active Directory servers that are in the same domain.

  • The LSA group contains the LSAD and LSAT protocols. Both protocols are serviced by the same RPC interface and endpoint ([MS-LSAD] section 1.8, Vendor-Extensible Fields, and [MS-LSAT] section 1.8, Vendor-Extensible Fields).

  • The Web Services group consists of the WS-Transfer, WS-Enumeration, and ADCAP protocols along with the [MS-WSDS] (WSDS), and [MS-WSPELD] (WSPELD) protocol extensions. This protocol group is only supported on some versions of the Active Directory Services. Much like the core group, these protocols permit clients to read and write directory objects in the directory tree, and to perform selected tasks against the tree. Unlike the core group, the protocols in this group are based on SOAP rather than remote procedure call (RPC) or block-structured transports.

  • The Directory Replication group contains the DRSR and SRPL protocols. DRSR is an RPC protocol that is used to manage replication and to manage data in Active Directory. SRPL is the extension to the DRS protocol that carries it over the Simple Mail Transfer Protocol (SMTP).

The following diagram shows the relationship among the protocols of the Active Directory system.

Figure 4: Protocol relationships