8 Appendix C: Product Behavior

  • Article

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.

  • Windows Server 2008 R2 operating system

  • Windows Server 2012 operating system

  • Windows Server 2012 R2 operating system

  • Windows Server 2016 operating system

  • Windows Server operating system

  • Windows Server 2019 operating system

  • Windows Server 2022 operating system

  • Windows Server 2025 operating system 

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use SOAP 1.2 [SOAP1.2-1/2003] over a NET.TCP [MC-NMF] transport binding. The transports used, as well as the authentication mechanisms supported and the endpoints exposed, are specified in [MS-ADDM] section 2.1.

<2> Section 3: The following products are applicable to WS-Enumeration: Directory Services Protocol Extensions:

  • Active Directory Management Gateway Service contains the server implementation of WS-Enumeration: Directory Services Protocol Extensions.

  • Remote Server Administration Tools (excluding Remote Server Administration Tools for Windows Vista operating system) contains the client implementation. For more information about Remote Server Administration Tools, see [MSFT-RSAT].

  • Windows Server 2008 R2 and later have both the server and the client implementations.

Active Directory Management Gateway Service is available for Windows Server 2003 operating system with Service Pack 2 (SP2), Windows Server 2003 R2 operating system with Service Pack 2 (SP2), and Windows Server 2008 operating system.

<3> Section 3: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions limit the validity of an enumeration context to 30 minutes by default, defined as MaxEnumContextExpiration in the ADWS configuration settings [MSDOCS-ADWS].

<4> Section 3.1.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the mapping defined in [MS-ADDM] section 2.3.

<5> Section 3.1.3: All the endpoints of Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions including the Enumeration Interface specified in [MS-ADDM] section 2.1 listen on fixed TCP port 9389.

<6> Section 3.1.4: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions do not support sending EnumerationEnd SOAP message (defined in WS-Enumeration [WSENUM] section 3.6) to the endpoint reference, when the enumeration terminates unexpectedly.

<7> Section 3.1.4.1: If the expiration time is not provided in the enumerate request, Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions assign the default value of 5 minutes duration to the expiration time.

<8> Section 3.1.4.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions always return the expiration time in the enumerate response as an absolute time in Coordinated Universal Time (UTC) mode.

<9> Section 3.1.4.1.1.2: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions return all of the default attributes and all of the synthetic attributes (defined in [MS-ADDM] section 2.3.3) when there is no selection element present in the Enumerate request.

<10> Section 3.1.4.1.1.2.1: If selection property <ad:all> is specified in the Enumerate request, Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions return all of the default attributes and the synthetic attribute <ad:objectReferenceProperty> (defined in [MS-ADDM] section 2.3.3) in the SOAP response message for the Pull operation. In addition to <ad:all>, if certain constructed attributes are also specified as part of selection properties in the Enumerate request, then Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions also return the requested constructed attributes in the SOAP response message for the Pull operation.

<11> Section 3.1.4.1.3.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions allow no more than 5 enumeration contexts to be created per client-to-server session by default, defined as MaxEnumCtxsPerSession in the ADWS configuration settings [MSDOCS-ADWS].

They allow no more than 100 enumeration contexts in total for the complete set of client-to-server sessions open at a time by default, defined as MaxEnumCtxsTotal in the ADWS configuration settings.

<12> Section 3.1.4.1.3.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the fault detail defined in [MS-ADDM] section 2.6 for ad:EnumerationContextLimitExceeded fault.

<13> Section 3.1.4.1.3.4: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions have the following four synthetic attributes: <ad:container-hierarchy-parent>, <ad:distinguishedName>, <ad:relativeDistinguishedName>, <ad:objectReferenceProperty>. See [MS-ADDM] section 2.3.3 for their definitions.

<14> Section 3.1.4.1.3.4: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the fault detail defined in [MS-ADDM] section 2.6 for an ad:InvalidSortKey fault.

<15> Section 3.1.4.1.3.5: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use an element named ad:PullFault of the complex type ad:, which is defined in [MS-ADDM] section 2.6, for the wsen:CannotProcessFilter fault.

<16> Section 3.1.4.1.3.6: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions perform validations on the adlq:LdapQuery element of a wsen:Enumerate request during the corresponding wsen:pull request processing. If an invalid adlq:LdapQuery element is received on a wsen:Enumerate request, a wsa2004:EndPointUnavailable fault is returned while processing the corresponding wsen:pull request.

<17> Section 3.1.4.1.3.6: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:EndPointUnavailable faults.

<18> Section 3.1.4.2: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions do not limit the number of characters in the Pull response by not supporting the wsen:MaxCharacters element in the client request.

<19> Section 3.1.4.2.1.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use an element named ad:PullFault of the complex type ad:FaultDetailType, which is defined in [MS-ADDM] section 2.6, for an ad:MaxCharsNotSupported fault.

<20> Section 3.1.4.2.1.2: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsen:InvalidEnumerationContext faults.

<21> Section 3.1.4.2.1.3: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:DestinationUnreachable faults.

<22> Section 3.1.4.2.1.3: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions generate a receiver fault rather than a sender fault as specified in the section.

<23> Section 3.1.4.2.1.4: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:EndpointUnavailable faults.

<24> Section 3.1.4.2.1.5: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for ad:MaxTimeExceedsLimit faults.

<25> Section 3.1.4.3.1.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsen:InvalidEnumerationContext faults.

<26> Section 3.1.4.3.1.2: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:EndpointUnavailable faults.

<27> Section 3.1.4.4.1.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsen:InvalidEnumerationContext faults.

<28> Section 3.1.4.4.1.2: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:EndpointUnavailable faults.

<29> Section 3.1.4.5.1.1: Microsoft implementations of WS-Enumeration: Directory Services Protocol Extensions use the element ad:FaultDetail, which is defined in [MS-ADDM] section 2.6, for wsa2004:EndpointUnavailable faults.