The main protocols that are used by Active Directory are Domain Name System (DNS) Transfer Control Protocol/Internet Protocol (TCP/IP), and Lightweight Directory Access Protocol (LDAP).


Domain Name System (DNS) is the de facto naming system for Internet Protocol (IP)-based networks and the naming service that is used to locate computers on the Internet. Windows 2000 uses DNS to locate computers and domain controllers (that is, to locate Active Directory). A workstation or member server finds a domain controller by querying DNS. For this reason, installing or upgrading to Windows® 2000 Server requires that a DNS infrastructure is in place or is installed simultaneously.

Every Windows 2000 domain has a DNS name (for example,, and every Windows 2000–based computer has a DNS name (for example, Thus, domains and computers are represented both as objects in Active Directory and as nodes in DNS. For more information about DNS, see the Microsoft ® Windows ®  2000 Server Resource Kit TCP/IP Core Networking Guide .


The required transport protocol for Active Directory is TCP/IP. For more information about TCP/IP, see the TCP/IP Core Networking Guide .


LDAP is a structured protocol that is used to view and manipulate information that is stored in a hierarchical database. LDAP is defined by Request for Comments (RFC) 2251: "Lightweight Directory Access Protocol." Clients use LDAP for reading and updating the contents of Active Directory. Active Directory supports both LDAP version 2 (LDAP v2) and LDAP version 3 (LDAP v3).

The general model adopted by this protocol is one of clients performing protocol operations against servers. In this model, a client transmits a protocol request describing the operation to be performed to a server. The server is then responsible for performing the necessary operations in the directory. Upon completion of the operations, the server returns a response containing any results or errors to the requesting client.

note-icon Note

Servers are required to return responses, but whenever such responses are defined in the protocol, there is no requirement for synchronous behavior on the part of either clients or servers. Requests and responses for multiple operations can be exchanged between a client and server in any order, provided the client eventually receives a response for every request that required one.

The ability to search a directory encompasses several operations that can be performed by a client. These include search, connect, bind, modify, add, and delete. Although it might be important for an administrator to be able to manipulate the information in Active Directory, greatest benefit to the end user is the ability to view information. The user, for example, might want to look up the telephone extension or room number of a coworker.

For more information about LDAP v3, see the Request For Comments link on the Web Resources page at . Follow the links to RFC 2251.