Preferred DC Active Directory Provider

Executes Active Directory directory service operations so that they bind to a specified domain controller. Used by Microsoft Provisioning Framework (MPF).

Each procedure in this provider calls the corresponding procedure in Active Directory Provider. Each DC procedure also includes a call to the Make Path Domain Controller Specific procedure, which passes the preferred domain controller as a parameter. An actual domain controller can be passed as well.

This namespace is useful for occasions when it is necessary to execute a transaction that performs multiple operations on an Active Directory object. Using a single preferred domain controller eliminates replication delays that arise between multiple controllers. It is also useful if a transaction provisions another service that uses Active Directory, and you know which domain controller it is most likely to use. For example, if the other service is Microsoft Exchange 2000 and the Exchange server is in a particular Active Directory Site, that site's domain controller should be the preferred domain controller.

Implementation

This namespace is a wrapper for procedures in Active Directory Provider, implemented as Program Files\Microsoft Provisioning\Providers\MPFADProv.dll. It is installed whenever Active Directory Provider is installed.

Input XML Schema

The following code fragment shows the format for sending data to these procedures.

<executeData>1..1
   <preferredDomainController>0..1</preferredDomainController>
   <domainController>0..1</domainController>
   <!-- other elements vary by procedure, see procedure for details -->
</executeData>

Output XML Schema

The following code fragment shows the format for data these procedures return.

<executeData>1..1
   <dcPath>1..1</dcPath>
   <domainController>1..1</domainController>
   <!-- other elements vary by procedure, see procedure for details -->
</executeData>

Public Methods

The XML schemas for requests will be a combination of the elements in Make Path Domain Controller Specific and one of the Active Directory Provider procedures referenced below.

Create Object: Creates an object of the specified schema class for the specified container.
Delete Object: Deletes the specified object.
Get DACL: Returns the discretionary access control list (DACL) for the specified object.
Get Properties: Returns one or more properties for an object.
Get SACL: Returns the system access control list (SACL) for the specified object.
Group Add: Adds an object to a group.
Group IsMember: Checks whether an object is part of the specified group.
Group Members: Returns the members of the specified group.
Group Remove: Removes an object from a group.
Move Object: Moves the specified object.
Rename Object: Renames the specified object.
Search: Performs a directory search.
Set Properties: Sets one or more properties for an object.
Update ACL: Updates an object's security descriptor. The security descriptor consists of the discretionary access control list (DACL) that sets permissions and the system access control list (SACL) that sets auditing.
User Change Password: Changes user passwords.
User Groups: Lists the groups for a user.
User Set Password: Sets a user's initial password.

Example
<request>
  <data/>
  <procedure>
    <execute namespace='Preferred DC Active Directory Provider' procedure='Create Object'>
      <executeData>
        <preferredDomainController>dc1.ntdomain.microsoft.com</preferredDomainController>
        <container>LDAP://CN=Users,DC=ntdomain,DC=microsoft,DC=com</container>
        <class>user</class>
        <name>cn=PreferredDCUser1</name>
        <properties>
          <property name='description'>PreferredDCUser1</property>
          <property name='displayName'>PreferredDCUser1</property>
          <property name='sAMAccountName'>PreferredDCUser1</property>
        </properties>
        <flagIgnoreAlreadyExistsError/>
        <autoGenerateEmailAddresses>0</autoGenerateEmailAddresses>
      </executeData>
      <after source='executeData' destination='data' mode='merge'/>
    </execute>
  </procedure>
</request>
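
A pre-submission check for the multi-operation case described above, as an added example that is not part of the original documentation or of MPF: it parses a request and reports any execute step in this namespace that names no controller, or a different controller from the other steps. The function name check_dc_pinning, the precedence between the two controller elements, and the sample request (with procedure-specific elements elided) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NAMESPACE = "Preferred DC Active Directory Provider"

# Constructed sample: two steps in one request; procedure-specific elements are elided.
SAMPLE_REQUEST = """\
<request>
  <data/>
  <procedure>
    <execute namespace='Preferred DC Active Directory Provider' procedure='Create Object'>
      <executeData>
        <preferredDomainController>dc1.ntdomain.microsoft.com</preferredDomainController>
        <!-- other elements vary by procedure -->
      </executeData>
    </execute>
    <execute namespace='Preferred DC Active Directory Provider' procedure='Update ACL'>
      <executeData>
        <preferredDomainController>dc2.ntdomain.microsoft.com</preferredDomainController>
        <!-- other elements vary by procedure -->
      </executeData>
    </execute>
  </procedure>
</request>
"""


def check_dc_pinning(request_xml):
    """Return (controllers, findings) for the steps that use this namespace."""
    root = ET.fromstring(request_xml)
    controllers, findings = [], []
    for step in root.iter("execute"):
        if step.get("namespace") != NAMESPACE:
            continue
        proc = step.get("procedure", "?")
        data = step.find("executeData")
        dc = ""
        if data is not None:
            # Assumed precedence: explicit domainController, then preferredDomainController.
            dc = data.findtext("domainController") or data.findtext("preferredDomainController") or ""
        dc = dc.strip().lower()  # DNS host names compare case-insensitively
        if not dc:
            findings.append(f"{proc}: no domain controller specified")
        else:
            controllers.append((proc, dc))
    distinct = sorted({dc for _, dc in controllers})
    if len(distinct) > 1:
        findings.append("steps target different controllers: " + ", ".join(distinct))
    return controllers, findings
```

For the sample, the findings list reports that Create Object and Update ACL target different controllers, so the ACL update could reach a controller that has not yet received the new object.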
Applies To