RootDSE (AD Schema)
In LDAP 3.0, rootDSE is defined as the root of the directory data tree on a directory server. The rootDSE is not part of any namespace. The purpose of the rootDSE is to provide data about the directory server. For more information about rootDSE, see Serverless Binding and RootDSE in the Active Directory SDK documentation.
rootDSE contains the following attributes. All attributes are single-valued unless otherwise noted.
| Attribute | Syntax | Description |
|---|---|---|
| configurationNamingContext |
String(Teletex) |
Contains the distinguished name for the configuration container. |
| currentTime |
String(Teletex) |
Contains the current time set on this directory server in Coordinated Universal Time format. |
| defaultNamingContext |
String(Teletex) |
Contains the distinguished name for the domain of which this directory server is a member. |
| dnsHostName |
String(Teletex) |
Contains the DNS address for this directory server. |
| domainControllerFunctionality |
String(Teletex) |
Indicates the functional level of the domain controller. This can be one of the following values. "0" - Windows 2000 Mode "2" - Windows Server 2003 Mode "3" - Windows Server 2008 Mode |
| domainFunctionality |
String(Teletex) |
Indicates the functional level of the domain. This can be one of the following values. "0" - Windows 2000 Domain Mode "1" - Windows Server 2003 Interim Domain Mode "2" - Windows Server 2003 Domain Mode "3" - Windows Server 2008 Domain Mode "4" - Windows Server 2008 R2 Domain Mode |
| dsServiceName |
String(Teletex) |
Contains the distinguished name of the NTDS settings object for this directory server. |
| forestFunctionality |
String(Teletex) |
Indicates the functional level of the forest. This can be one of the following values. "0" - Windows 2000 Forest Mode "1" - Windows Server 2003 Interim Forest Mode "2" - Windows Server 2003 Forest Mode "3" - Windows Server 2008 Forest Mode "4" - Windows Server 2008 R2 Forest Mode |
| highestCommittedUSN |
String(Teletex) |
Contains the highest update sequence number (USN) on this directory server. Used by directory replication. |
| isGlobalCatalogReady |
String(Teletex) |
Indicates if the global catalog is fully operational. Contains either "TRUE" or "FALSE". |
| isSynchronized |
String(Teletex) |
Indicates if the directory server is fully synchronized. Contains either "TRUE" or "FALSE". |
| ldapServiceName |
String(Teletex) |
Contains the Service Principal Name (SPN) for the LDAP server. Used for mutual authentication. |
| namingContexts |
String(Teletex) |
A multiple-valued attribute that contains the distinguished names for all naming contexts stored on this directory server. By default, a Windows 2000 domain controller contains at least three naming contexts: Schema, Configuration, and one for the domain of which the server is a member. |
| rootDomainNamingContext |
String(Teletex) |
Contains the distinguished name for the first domain in the forest that contains the domain of which this directory server is a member. |
| schemaNamingContext |
String(Teletex) |
Contains the distinguished name for the schema container. |
| serverName |
String(Teletex) |
Contains the distinguished name for the server object for this directory server in the configuration container. |
| subschemaSubentry |
String(Teletex) |
Contains the distinguished name for the subSchema object. The subSchema object contains properties that expose the supported attributes (in the attributeTypes property) and classes (in the objectClasses property). The subschemaSubentry property and subschema are defined in LDAP 3.0 (see RFC 2251). |
| supportedCapabilities |
String(Teletex) |
A multiple-valued attribute that contains the capabilities supported by this directory server. |
| supportedControl |
String(Teletex) |
A multiple-valued attribute that contains the OIDs for extension controls supported by this directory server. See the table below for a list of the possible control OIDs. |
| supportedLDAPPolicies |
String(Teletex) |
A multiple-valued attribute that contains the names of the supported LDAP management policies. |
| supportedLDAPVersion |
String(Teletex) |
A multiple-valued attribute that contains the LDAP versions (specified by major version number) supported by this directory server. |
| supportedSASLMechanisms |
String(Teletex) |
Contains the security mechanisms supported for SASL negotiation (see LDAP RFCs). By default, GSSAPI is supported. |
Active Directory supports the following control OIDs in the supportedControl attribute. For more information, see LDAPControl and ldap_search_init_page.
| Control OID | String constant |
|---|---|
| 1.2.840.113556.1.4.319 |
LDAP_PAGED_RESULT_OID_STRING |
| 1.2.840.113556.1.4.473 |
LDAP_SERVER_SORT_OID |
| 1.2.840.113556.1.4.474 |
LDAP_SERVER_RESP_SORT_OID |
| 1.2.840.113556.1.4.801 |
LDAP_SERVER_SD_FLAGS_OID |
| 1.2.840.113556.1.4.528 |
LDAP_SERVER_NOTIFICATION_OID |
| 1.2.840.113556.1.4.417 |
LDAP_SERVER_SHOW_DELETED_OID |
| 1.2.840.113556.1.4.619 |
LDAP_SERVER_LAZY_COMMIT_OID |
| 1.2.840.113556.1.4.841 |
LDAP_SERVER_DIRSYNC_OID |
| 1.2.840.113556.1.4.529 |
LDAP_SERVER_EXTENDED_DN_OID |
| 1.2.840.113556.1.4.805 |
LDAP_SERVER_TREE_DELETE_OID |
| 1.2.840.113556.1.4.521 |
LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID |
| 1.2.840.113556.1.4.1338 |
LDAP_SERVER_VERIFY_NAME_OID |
| 1.2.840.113556.1.4.1339 |
LDAP_SERVER_DOMAIN_SCOPE_OID |
| 1.2.840.113556.1.4.1340 |
LDAP_SERVER_SEARCH_OPTIONS_OID |
| 1.2.840.113556.1.4.1413 |
LDAP_SERVER_PERMISSIVE_MODIFY_OID |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for