LDAP_MATCHING_RULE_DN_WITH_DATA is an Extensible Match matching rule with an OID of 1.2.840.113556.1.4.2253, which provides a way to match on portions of values of DN Syntax and Object(DN-Binary).[1]


As an example, we will use msDS-HasInstantiatedNCs, which is of type DN-Binary: the data (binary) portion contains the instanceType of each NC a DSA hosts, and the link itself points to the DN of that NC.

This can be represented as “B:8:<InstanceTypeOfNCInHex>:<DNOfNC>”

For example: “B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=chrisse,DC=com”
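
The value format above can be checked and decoded when auditing which NCs each DSA reports. The following is an added example, not code from the original page; the function names are hypothetical, the flag names are the instanceType bits documented in MS-ADTS, and reading the hex data as a big-endian integer is an assumption based on the sample value.

```python
import re

# instanceType bit flags as named in MS-ADTS.
INSTANCE_TYPE_FLAGS = {
    0x01: "IT_NC_HEAD",     # object is the head of a naming context
    0x02: "IT_UNINSTANT",   # replica is not instantiated
    0x04: "IT_WRITE",       # object is writable on this DSA
    0x08: "IT_NC_ABOVE",    # DSA also holds the NC above this one
    0x10: "IT_NC_COMING",   # NC is being built by replication
    0x20: "IT_NC_GOING",    # NC is being removed from this DSA
}

# B:<number of hex characters>:<hex data>:<DN>
_DN_BINARY = re.compile(r"^B:(\d+):([0-9A-Fa-f]*):(.+)$", re.DOTALL)


def parse_dn_binary(value):
    """Split a DN-Binary string into (data bytes, DN), validating the count."""
    m = _DN_BINARY.match(value)
    if not m:
        raise ValueError("not a DN-Binary value: %r" % value)
    count, hex_data, dn = int(m.group(1)), m.group(2), m.group(3)
    if count != len(hex_data):
        raise ValueError("count %d does not match %d hex characters"
                         % (count, len(hex_data)))
    if count % 2:
        raise ValueError("hex data must contain whole bytes")
    return bytes.fromhex(hex_data), dn


def decode_instance_type(data):
    """Return (integer value, known flag names, leftover unknown bits)."""
    value = int.from_bytes(data, "big")  # assumption: big-endian hex
    names = [n for bit, n in sorted(INSTANCE_TYPE_FLAGS.items()) if value & bit]
    unknown = value & ~sum(INSTANCE_TYPE_FLAGS)
    return value, names, unknown


def describe_instantiated_nc(value):
    """Decode one msDS-HasInstantiatedNCs value into a small report dict."""
    data, dn = parse_dn_binary(value)
    it, names, unknown = decode_instance_type(data)
    return {"dn": dn, "instanceType": it, "flags": names, "unknown": unknown}


if __name__ == "__main__":
    # Sample value taken from the text above.
    sample = "B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=chrisse,DC=com"
    print(describe_instantiated_nc(sample))
```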

Executing a SearchRequest against the Configuration Directory Partition with a filter of:

Will give you a list of all DSAs hosting the schema NC.

The number of search responses returned should equal the number of Windows Server 2003 (or later) DSAs in your AD forest.

