3.2.1.6 Domain Membership Abstract Data Model

The server must maintain the following data in a persistent store. The following elements are shared in a read-write mode with domain client administrators. These elements must be shared in a read-only mode with other protocols on the domain client unless otherwise specified.

DomainName (Public): The server MUST know the name of the domain to which it belongs. DomainName contains the following elements:

  • DomainName.FQDN (Public): The fully qualified domain name (FQDN).<13> For Active Directory–style domains, this is the flat NetBIOS name of the domain. When the server is not joined to a domain, DomainName.FQDN is set to NULL.

  • DomainName.NetBIOS (Public): The NetBIOS name of the domain. When the computer is not joined to a domain, DomainName.NetBIOS is set to the NetBIOS name of the workgroup the server is associated with.

DomainSid (Public): The server MUST preserve the security identifier (SID) of the domain to which it belongs. This SID is used later as part of the authorization process. If the server has never been joined to a domain, or was previously joined and then unjoined, this value is empty.

DomainGuid (Public): The server MUST preserve the GUID of the domain to which it belongs. If the server has never been joined to a domain, or was previously joined and then unjoined, this value is empty.

ForestNameFQDN (Public): The server MUST preserve the canonical FQDN of the forest that contains DomainName. If the server has never been joined to a domain, or was previously joined and then unjoined, this value is empty.

SiteName (Public): The server can retain the site that it has determined either through administrative configuration or dynamic discovery. Preserving the site name allows the domain client to use the site in the process of finding a "near" domain controller (DC) during the location process (assuming that the site of the domain client does not shift often as might be the case, for example, for a business traveler using a laptop). Domain client implementations SHOULD incorporate site awareness and preserve the name of the site.

ClientName (Public): The domain client MUST know its own name as the domain knows it. This corresponds to the sAMAccountName attribute of the object in the directory. The ClientName can be populated from configuration (for example, a service or machine name), or from human interaction.

Password (Public): The domain client must know the password credentials associated with the account object for ClientName in the directory.

The preceding elements provide the basis for how the domain client invokes the protocols used when communicating with the DC. They must be persisted in an implementation-dependent way when the domain client is not interactive. That is, if the domain client is acting on behalf of a user, it is possible to prompt the user for this information. If the domain client is acting on behalf of a service or set of services (for example, a server), the implementation must store these values in a way that allows the domain client to retrieve them.
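As an added illustration (not part of the specification, and not any implementation's real store), the following constructed Python model captures the joined and not-joined states of the elements above and checks the invariants they imply, such as DomainName.FQDN being NULL and DomainSid, DomainGuid and ForestNameFQDN being empty when the client is not joined. The class name, the `join`/`unjoin`/`validate` methods and the domain-SID pattern are assumptions made for this example.

```python
import re
import uuid
from dataclasses import dataclass
from typing import List, Optional

# Domain SIDs have the form S-1-5-21-<a>-<b>-<c>: three sub-authorities after 21.
_DOMAIN_SID_RE = re.compile(r"^S-1-5-21(-\d{1,10}){3}$")

@dataclass
class DomainMembership:
    # Constructed model of the persisted ADM elements; not an implementation's real store.
    fqdn: Optional[str] = None   # DomainName.FQDN; None stands for NULL when not joined
    netbios: str = "WORKGROUP"   # DomainName.NetBIOS; the workgroup name when not joined
    domain_sid: str = ""         # DomainSid; empty when never joined or unjoined
    domain_guid: str = ""        # DomainGuid; empty when never joined or unjoined
    forest_fqdn: str = ""        # ForestNameFQDN; empty when never joined or unjoined
    client_name: str = ""        # ClientName; sAMAccountName of the account object
    password: str = ""           # Password for that account; persisted via a secure store

    def is_joined(self) -> bool:
        return self.fqdn is not None

    def join(self, fqdn: str, netbios: str, domain_sid: str, domain_guid: str,
             forest_fqdn: str, client_name: str, password: str) -> None:
        self.fqdn, self.netbios = fqdn, netbios
        self.domain_sid, self.domain_guid, self.forest_fqdn = domain_sid, domain_guid, forest_fqdn
        self.client_name, self.password = client_name, password

    def unjoin(self, workgroup: str) -> None:
        """Leave the domain: FQDN becomes NULL, NetBIOS holds the workgroup, the rest is emptied."""
        self.fqdn, self.netbios = None, workgroup
        self.domain_sid = self.domain_guid = self.forest_fqdn = ""
        self.client_name = self.password = ""

    def validate(self) -> List[str]:
        """Return every invariant of the model that the stored state violates."""
        problems: List[str] = []
        if not self.is_joined():
            if self.domain_sid or self.domain_guid or self.forest_fqdn:
                problems.append("stale domain identity retained while not joined")
            return problems
        if not _DOMAIN_SID_RE.match(self.domain_sid):
            problems.append("DomainSid is not a domain SID of the form S-1-5-21-...")
        try:
            uuid.UUID(self.domain_guid)
        except ValueError:
            problems.append("DomainGuid is not a GUID")
        for name in ("forest_fqdn", "client_name", "password"):
            if not getattr(self, name):
                problems.append(f"{name} is empty while joined to {self.fqdn}")
        return problems
```

Running `validate()` after each persisted update is one way a non-interactive client can detect a half-written or stale store before it tries to locate a DC with the recorded values.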