Directory Services


The LDAP_TTL_EXTENDED_OP_OID can be present in the supportedExtensions attribute of the rootDSE of an Active Directory server. If present, it indicates that the Active Directory server provides support for dynamic objects as defined in RFC 2589. It can also be sent to an Active Directory server to refresh a specific Dynamic Object that has already been created. For information about using this feature of Active Directory, see Dynamic Objects.

To use this extended operation, set the arguments of the call to ldap_extended_operation_s as shown in the following code example.

ldap_extended_operation_s(
  LDAP* ld,
  PCHAR Oid = LDAP_TTL_EXTENDED_OP_OID,
  struct berval* Data,
  PLDAPControl* ServerControls = NULL,
  PLDAPControl* ClientControls = NULL,
  PCHAR* ReturnedOid = NULL,
  struct berval** ReturnedData
);

ld
Pointer to the session handle.
Oid
Pointer to the LDAP_TTL_EXTENDED_OP_OID string, defined as "".
Data
Specifies a BER-encoded sequence of parameters that specifies both the dynamic object name and the desired TTL refresh period. In the berval structure, set bv_val to a pointer to the sequence that contains the dynamic object name and the TTL refresh period, and set bv_len to the length of the sequence. For more information, see the Remarks section.
ServerControls
Set to NULL.
ClientControls
Set to NULL.
ReturnedOid
Set to NULL.
ReturnedData
Pointer to a pointer to a berval structure used to hold any returned data.


The LDAP_TTL_EXTENDED_OP_OID is used to refresh an Active Directory dynamic object. For more information about creating and refreshing dynamic objects, see Dynamic Objects.

To refresh a specific dynamic object, a BER-encoded sequence of parameters that specifies the object must be created per RFC 2589 as follows.

Sequence {
  entryName   OCTET STRING
  requestTtl  INTEGER
}

entryName
This is an OCTET STRING that specifies the Distinguished Name of the dynamic object. It is encoded in UTF-8 format.
requestTtl
This is an INTEGER that expresses the desired TTL in seconds (range is from 1 to 31557600) of the dynamic object. Servers are not required to accept this value and may return a different TTL value to the client. Clients must be able to use a returned server-dictated TTL value in place of the one submitted.

If a new TTL value is returned by a server in response to a client's LDAP_TTL_EXTENDED_OP_OID extended operation request, the value will be returned as a BER-encoded sequence as follows.

Sequence {
  responseTTL  INTEGER
}

responseTTL
This is an INTEGER that expresses the server-dictated TTL value in seconds of the dynamic object. It will be equal to or larger than the client-requested value under normal circumstances. However, servers are permitted to reduce a large client-requested TTL value in order to prevent clients from abusing the dynamic extensions. In this latter case, the lowest value to which a server can reduce a TTL value is 86400 seconds (24 hours).
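The request and response values described above, as an added C example (not code from the original page): it hand-encodes the request sequence and decodes the response sequence without the Windows BER helpers, so it runs on any platform. It uses the context tags [0] and [1] that RFC 2589 assigns to these fields, which the abbreviated listings here do not show; the function names and the 0xFF00 limit on the DN length are choices of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TTL_MAX 31557600L /* upper bound of requestTtl given on this page */

/* DER length octets: short form below 128, else 0x81/0x82 long form. */
static size_t put_len(uint8_t *p, size_t n) {
    if (n < 0x80) { p[0] = (uint8_t)n; return 1; }
    if (n < 0x100) { p[0] = 0x81; p[1] = (uint8_t)n; return 2; }
    p[0] = 0x82; p[1] = (uint8_t)(n >> 8); p[2] = (uint8_t)n; return 3;
}

/* Build SEQUENCE { entryName [0], requestTtl [1] } into out.
 * dn is the UTF-8 DN. Returns bytes written, or 0 if the input is
 * rejected (empty DN, TTL out of range) or the buffer is too small. */
size_t ttl_build_request(const char *dn, long ttl, uint8_t *out, size_t cap) {
    size_t dlen = strlen(dn), n = 0, i = 0, ilen, body;
    uint8_t b[4], hdr[3];
    if (dlen == 0 || dlen > 0xFF00 || ttl < 1 || ttl > TTL_MAX) return 0;
    b[0] = (uint8_t)(ttl >> 24); b[1] = (uint8_t)(ttl >> 16);
    b[2] = (uint8_t)(ttl >> 8);  b[3] = (uint8_t)ttl;
    /* Minimal INTEGER: drop leading zero octets unless the sign bit follows. */
    while (i < 3 && b[i] == 0 && !(b[i + 1] & 0x80)) i++;
    ilen = 4 - i;
    body = 1 + put_len(hdr, dlen) + dlen + 2 + ilen;
    if (cap < 1 + put_len(hdr, body) + body) return 0;
    out[n++] = 0x30; n += put_len(out + n, body);
    out[n++] = 0x80; n += put_len(out + n, dlen);   /* [0] entryName */
    memcpy(out + n, dn, dlen); n += dlen;
    out[n++] = 0x81; out[n++] = (uint8_t)ilen;      /* [1] requestTtl */
    memcpy(out + n, b + i, ilen); n += ilen;
    return n;
}

/* Parse SEQUENCE { responseTtl [1] INTEGER } from ReturnedData.
 * Returns the server-dictated TTL in seconds, or -1 if malformed. */
long ttl_parse_response(const uint8_t *p, size_t len) {
    long v = 0;
    if (len < 5 || len > 8 || p[0] != 0x30 || (size_t)p[1] != len - 2) return -1;
    if (p[2] != 0x81 || (size_t)p[3] + 4 != len || (p[4] & 0x80)) return -1;
    for (size_t i = 0; i < p[3]; i++) v = (v << 8) | p[4 + i];
    return v;
}
```

The bytes produced by ttl_build_request go in bv_val and bv_len of Data; schedule the next refresh from the value ttl_parse_response returns rather than from the TTL that was requested.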


Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in ntldap.h.