Overview

LDAP_MATCHING_RULE_DN_WITH_DATA is an Extensible Match matching rule with an OID of 1.2.840.113556.1.4.2253 which provides a way to match on portions of values of DN Syntax and Object(DN-Binary).[1]

LDAP_MATCHING_RULE_DN_WITH_DATA Example[2]

As an example we will use msDS-HasInstantiatedNCs, which is of type DN-Binary: the data (binary) portion contains the instanceType of each NC a DSA hosts, and the link itself points to the DN of that NC.

This can be represented as “B:8:<InstanceTypeOfNCInHex>:<DNOfNC>”

For example “B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=chrisse,DC=com”

Executing a SearchRequest against the Configuration Directory Partition with a filter of:

(msDS-HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=Example,DC=com)
will give you a list of all DSAs hosting the schema NC.

The number of entries returned should equal the number of Windows Server 2003 (or later) DSAs in your AD Forest.
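The sketch below is an added example, not code from the original page or from Microsoft. It parses the “B:<count>:<hex>:<DN>” representation, names the instanceType bits in the binary portion, and builds the extensible-match filter with RFC 4515 escaping so a DN taken from input cannot alter the filter. The function names are hypothetical, the flag names follow Microsoft's Instance-Type documentation, and the big-endian reading of the hex data is an assumption based on the page's 0000000D example.

```python
import re

MATCHING_RULE_OID = "1.2.840.113556.1.4.2253"  # LDAP_MATCHING_RULE_DN_WITH_DATA

# instanceType bit names as documented by Microsoft for the Instance-Type attribute
INSTANCE_TYPE_FLAGS = {
    0x01: "IT_NC_HEAD", 0x02: "IT_UNINSTANT", 0x04: "IT_WRITE",
    0x08: "IT_NC_ABOVE", 0x10: "IT_NC_COMING", 0x20: "IT_NC_GOING",
}
_DN_BINARY = re.compile(r"^B:(\d+):([0-9A-Fa-f]*):(.+)$", re.DOTALL)


def parse_dn_binary(value):
    """Split 'B:<char count>:<hex data>:<DN>' into (data bytes, DN)."""
    m = _DN_BINARY.match(value)
    if not m:
        raise ValueError("not a DN-Binary string")
    count, hex_data, dn = int(m.group(1)), m.group(2), m.group(3)
    # The prefix counts hex characters, so it must match the data and be even.
    if count != len(hex_data) or count % 2:
        raise ValueError("length prefix does not match hex data")
    return bytes.fromhex(hex_data), dn


def decode_instance_type(data):
    """Name the instanceType bits set in the binary portion (assumed big-endian)."""
    value = int.from_bytes(data, "big")
    return [name for bit, name in sorted(INSTANCE_TYPE_FLAGS.items()) if value & bit]


def escape_filter_value(text):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)


def build_filter(attribute, instance_type, nc_dn):
    """Build the extensible-match filter for one instanceType/NC pair."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute):
        raise ValueError("invalid attribute description")
    if not 0 <= instance_type <= 0xFFFFFFFF:
        raise ValueError("instanceType must fit in 32 bits")
    hex_data = "%08X" % instance_type
    value = "B:%d:%s:%s" % (len(hex_data), hex_data, escape_filter_value(nc_dn))
    return "(%s:%s:=%s)" % (attribute, MATCHING_RULE_OID, value)
```
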

This page (revision-8) was last changed on 13-Jun-2017 16:00 by jim