Windows Server 2008 R2 (W2K8R2) introduces a new service called the “Active Directory Web Service (ADWS)” to support remote management of running directory services through the WS-* protocols. The AD PowerShell Module (also see: Active Directory Administration with Windows PowerShell and Active Directory Powershell Blog) and the Active Directory Administrative Center (ADAC) both require ADWS. The ADWS is installed automatically when either promoting a W2K8R2 server to a DC (both RWDC and RODC) or installing the first ADLDS instance on a W2K8R2 server. It also supports directory services instances loaded with DSAMAIN (only when on W2K8R2 and not on W2K8!). To find a W2K8R2 DC/server with the ADWS installed, DC locator uses a special flag called “DS_WEB_SERVICE_REQUIRED”. The server where the AD PowerShell Modules are being executed, or where the ADAC has been started, communicates with the DC/server with the ADWS installed over TCP:9389.
Of course it is possible to have the RSAT installed on a Win7 workstation or a W2K8R2 member server while your AD infrastructure is still running on W2K3 or W2K8. To support both scenarios, Microsoft released an out-of-band version of the ADWS which can be downloaded from here.
–
To install the out-of-band version of the ADWS on W2K3 you must meet the following requirements:
- Operating system is at least W2K3 (R2) with SP2
- The following hotfix must be installed for .NET Framework 3.5 SP1 “A hotfix rollup package for Active Directory Web Service is available for the .NET Framework 3.5 SP1” (might already be included in .NET Framework 4.0)
- The following hotfix must be installed on the W2K3 (R2) DCs so that these understand the new DC Locator Flag “DS_WEB_SERVICE_REQUIRED”. “Windows 7 clients cannot locate the Active Directory Management Gateway service that is installed on Windows Server 2003-based domain controllers”
–
To install the out-of-band version of the ADWS on W2K8 you must meet the following requirements:
- Operating system is at least W2K8 or W2K8 with SP2
- The following hotfix must be installed for .NET Framework 3.5 SP1 “A hotfix rollup package for Active Directory Web Service is available for the .NET Framework 3.5 SP1” (might already be included in .NET Framework 4.0)
- The following hotfix must be installed on the W2K8 DCs so that these understand the new DC Locator Flag “DS_WEB_SERVICE_REQUIRED”. “Windows 7 clients cannot locate the Active Directory Management Gateway service that is installed on Windows Server 2008-based domain controllers” (is already included in SP2 for W2K8)
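To check which DCs actually accept connections on TCP:9389, and which DC the locator hands out when ADWS is required, something like the following can be run from a domain-joined machine with the RSAT AD module. This is an added example, not part of the original post; `Test-TcpPort` is a hypothetical helper name and the 3-second timeout is an assumption.

```powershell
# Added example: inventory ADWS exposure (TCP 9389) across the DCs of the current domain.
$AdwsPort  = 9389      # ADWS port as stated in the post
$TimeoutMs = 3000      # assumed connect timeout

function Test-TcpPort {
    # Hypothetical helper: returns $true if a TCP connect succeeds within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Enumerate DCs over LDAP so the inventory itself does not depend on ADWS being reachable.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$report = foreach ($dc in $domain.DomainControllers) {
    New-Object PSObject -Property @{
        Name         = $dc.Name
        Site         = $dc.SiteName
        OSVersion    = $dc.OSVersion
        AdwsPortOpen = Test-TcpPort -ComputerName $dc.Name -Port $AdwsPort -TimeoutMs $TimeoutMs
    }
}
$report | Sort-Object Name | Format-Table Name, Site, OSVersion, AdwsPortOpen -AutoSize

# Ask DC locator for a DC that advertises ADWS (the lookup the AD module and ADAC rely on).
Import-Module ActiveDirectory
try {
    $located = Get-ADDomainController -Discover -Service ADWS -ErrorAction Stop
    "DC locator returned: $($located.HostName)"
} catch {
    "DC locator found no DC advertising ADWS: $($_.Exception.Message)"
}
```

A DC that shows `AdwsPortOpen = True` but is never returned by the locator on W2K3/W2K8 points at the missing DC locator hotfix listed above; the same table is a useful input when scoping firewall rules for TCP:9389 to management hosts only.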
–
Figure 1: The Network Trace On A W2K8R2 DC Reporting It Supports The ADWS
–
Additional information about the ADWS can be found through the following links:
- [MS-ADDM]: Active Directory Web Services: Data Model and Common Elements
- [MS-ADCAP]: Active Directory Web Services: Custom Action Protocol Specification
- What’s New in AD DS: Active Directory Web Services
- Active Directory Web Services Overview
- Active Directory Management Gateway Service released to web – manage YOUR Windows 2003/2008 DCs USING AD POWERSHELL !
- ADWS diagnostic logging
–
Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————