Directory Services

Service Connection Point Properties

The attributes of the serviceConnectionPoint class are sufficient for most services. Active Directory does not define how the attributes are used, so the clients of your service must be able to interpret and use the data in your service SCPs. Services that must publish additional data about themselves can extend the Active Directory schema by creating a subclass of the serviceConnectionPoint class, giving the subclass a distinct name. For more information about schema extensions, see Extending the Schema.

The most important attributes of an SCP are keywords, serviceDNSName, serviceDNSNameType, serviceClassName, and serviceBindingInformation. Client applications search the directory for keywords values to locate your SCP. When your SCP is found, clients can read other attributes to retrieve service data.

Attribute Description
keywords
The keywords attribute can contain multiple string values that identify your service. This attribute is included in the Global Catalog, which means that clients in any domain of an enterprise forest can search the Global Catalog for keywords associated with your service. This attribute is also indexed, which improves query performance. The installer that creates the SCP sets the values of the keywords attribute. Typically, these values are not modified by the active service.

The exact keywords you should include in your SCP depend on how clients search for your service. The best keywords to use are GUID strings because GUIDs are guaranteed to be unique in a forest. Use the GUID string format returned by the UuidToString function in the RPC library. You can also include human-readable names, if clients may use them to search for your service. The keywords in an SCP should include GUID strings and/or names that identify the following data about your service:

  • Your company or organization: for example, Fabrikam.
  • The product or service: for example, SQL Server. This enables client applications to find SCPs for services of that type.
  • The specific version of the product or service, such as 7.5.
  • For SCPs that publish a specific set of data or capabilities for a type of service, include a GUID string or name that identifies the specific instance. For example, a database service could publish an SCP for a specific database. In this case, the SCP would include a product GUID to identify the service and another GUID to identify the database.

serviceDNSName and serviceDNSNameType
Client applications use the serviceDNSName and serviceDNSNameType attributes to determine the service's host computer. The serviceDNSNameType value indicates the type of DNS name specified by serviceDNSName, usually "A" if serviceDNSName contains a host name or "SRV" if serviceDNSName contains a SRV record name.

The serviceDNSName value is typically the DNS name of the service's host computer. Your service installer can call the GetComputerNameEx function to get the DNS name of the local computer.

For services that have DNS SRV records, serviceDNSName can be the name of the SRV record. A client application uses the DNS APIs to retrieve all the SRV records that match this name. The client then retrieves the DNS host name from one of the SRV records. This technique is useful for replicated services because SRV records also include data that enables the client to select the best replica.

serviceBindingInformation
A multi-value property that contains string values that store data required to bind to a service. This property is indexed and is replicated to the Global Catalog.

The content of serviceBindingInformation is specific to the service that published the SCP; clients must interpret the binding data. In the most common case, the binding data consists of a port number on the service host computer.

serviceClassName
A single-value property that identifies the class of service represented by the SCP. This is a descriptive string specific to the service that published the SCP; for example SqlServer. For services that support mutual authentication, clients can use this property, along with the DNS name of the service's host computer, to form a service principal name. For more information, see Mutual Authentication Using Kerberos.
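Because Active Directory does not define how SCP attributes are used, a client should treat what it reads from an SCP as untrusted directory data and validate it before connecting. The following is an added example, not code from this page or from Microsoft: it builds the keywords search filter with LDAP filter escaping and checks an SCP entry before forming the service principal name. It assumes each binding value is a port number, that the three naming attributes hold one value each, and that the SPN takes the form class/host; the function names and `SAMPLE_SCP` are constructed for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# One DNS label; a leading underscore is allowed for SRV names (_svc._tcp...).
_LABEL = re.compile(r"_?[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def scp_filter(*keywords):
    """Filter matching SCPs that carry every given keywords value."""
    terms = "".join("(keywords=%s)" % "".join(_ESC.get(c, c) for c in k)
                    for k in keywords)
    return "(&(objectClass=serviceConnectionPoint)%s)" % terms

def _one(entry, attr):
    vals = entry.get(attr, [])
    if len(vals) != 1:
        raise ValueError("%s: expected exactly one value" % attr)
    return vals[0]

def resolve_scp(entry):
    """Validate an SCP entry (attribute -> list of str) before connecting."""
    name = _one(entry, "serviceDNSName")
    ntype = _one(entry, "serviceDNSNameType")
    cls = _one(entry, "serviceClassName")
    if ntype not in ("A", "SRV"):
        raise ValueError("unsupported serviceDNSNameType: %r" % ntype)
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("serviceDNSName is not a DNS name: %r" % name)
    if not re.fullmatch(r"[A-Za-z0-9_-]+", cls):  # no '/', '@' or spaces
        raise ValueError("serviceClassName unusable in an SPN: %r" % cls)
    ports = []
    for b in entry.get("serviceBindingInformation", []):
        if not (b.isascii() and b.isdigit() and 0 < int(b) < 65536):
            raise ValueError("binding value is not a port number: %r" % b)
        ports.append(int(b))
    # For "SRV" the host (and so the SPN) is known only after the SRV lookup.
    spn = "%s/%s" % (cls, name.rstrip(".")) if ntype == "A" else None
    return {"name": name, "type": ntype, "ports": ports, "spn": spn}

# Constructed sample entry, shaped like the attributes described above.
SAMPLE_SCP = {
    "keywords": ["Fabrikam", "SQL Server"],
    "serviceDNSName": ["db01.corp.example.com"],
    "serviceDNSNameType": ["A"],
    "serviceClassName": ["SqlServer"],
    "serviceBindingInformation": ["1433"],
}
```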