2.5.1 Active Directory Protocols Dependencies

This section describes the dependencies that the Active Directory protocols have on other entities. The Active Directory protocols require a durable storage system to maintain the state of the directory and to meet the transactional guarantees specified in [MS-ADTS] section 3.1.1.5.1.4, Transactional Semantics. This storage system also has to provide a means of protecting its contents from unauthorized access.

The Active Directory protocols also require a networking system that clients can use to send requests to the directory server and to receive responses. This networking system has to support the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Server Message Block (SMB) transports. It also has to provide an accessible name resolution service through a DNS service. The DNS service has to be capable of storing and resolving service (SRV) resource records [RFC2782], CNAME and A resource records [RFC1034], and AAAA resource records [RFC3596]. It is recommended that an implementation of the Active Directory system use dynamic updates ([RFC2136] and [RFC3645]) to register these records in DNS, as described in [MS-ADTS] section 6.3.2, DNS Record Registrations, but any alternative method that creates the DNS records described there is permissible.<3> Clients of the Active Directory system can use DNS to locate directory servers by using the algorithms described in [MS-ADTS] section 6.3, Publishing and Locating a Domain Controller.
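The paragraph above states that clients locate directory servers through SRV records; the following is an added example (not code from this specification or from any Windows implementation) showing how a client orders the targets of an SRV answer according to the priority and weight rules of [RFC2782] before trying them. The SRV record set and the domain name `corp.example` are constructed sample data, and the `_ldap._tcp.dc._msdcs.` query name is assumed here as the standard domain-controller locator name; it is not listed in this section.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    """One SRV resource record as returned by the DNS service."""
    priority: int
    weight: int
    port: int
    target: str


def dc_locator_name(dns_domain: str) -> str:
    """Assumed locator name for LDAP-capable domain controllers."""
    return f"_ldap._tcp.dc._msdcs.{dns_domain}"


# Constructed sample answer for the hypothetical domain corp.example:
# two equal-priority DCs and one lower-preference backup DC.
SAMPLE_SRV = [
    SrvRecord(0, 100, 389, "dc1.corp.example."),
    SrvRecord(0, 100, 389, "dc2.corp.example."),
    SrvRecord(10, 0, 389, "dc-backup.corp.example."),
]


def order_srv(records, seed=None):
    """Return the records in RFC 2782 try-order: lowest priority value
    first; within one priority, weighted-random selection where
    zero-weight targets are placed first so they are chosen only when
    the random number is 0 (i.e. they are least preferred)."""
    rng = random.Random(seed)
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)  # zero weights first
        while pool:
            total = sum(r.weight for r in pool)
            n = rng.randint(0, total)            # 0..total inclusive
            running = 0
            pick = pool[-1]
            for r in pool:                        # first RR with sum >= n
                running += r.weight
                if running >= n:
                    pick = r
                    break
            ordered.append(pick)
            pool.remove(pick)                     # repeat for the rest
    return ordered
```

A client tries the returned targets in this order and falls through to the next one on failure, which is what makes the backup domain controller reachable only when both priority-0 servers are unavailable.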

Several of the Active Directory protocols are RPC-based and therefore depend on the availability of an RPC runtime that implements an RPC mechanism as described in [MS-RPCE].

A system of domain interactions forms the framework that other systems leverage in their environments. As such, this system requires comparatively little in terms of services available for use because its purpose is to create a useful environment for other scenarios. Services that the Active Directory protocols require from their environment include the following:

  • Network Infrastructure. This system of domain interactions requires that a viable network system is available. This includes a networked environment that supports TCP/IP and UDP/IP, as well as a name resolution system that is available for use by both the domain controller server and domain members. The name resolution system has to support DNS-style names if the domain is to support Active Directory-style domain functionality, and NetBIOS-style names if the domain is to support Windows NT 4.0-style domain functionality.

  • Coexistence. Any given domain on a network has to be uniquely named. There is no architectural limit to the number of domains that are possible on a network.

Even at this relatively high level, the system of domain interactions is a complex aggregation.