Overview#

Microsoft Active Directory has Search Filters Limitation ion regards to Extensible Match Rules support.

Microsoft Active Directory is limited to the following:

Capability nameOIDAD Version Support
LDAP_MATCHING_RULE_BIT_AND1.2.840.113556.1.4.8032000 2008 2012
LDAP_MATCHING_RULE_BIT_OR1.2.840.113556.1.4.8042000 2008 2012
LDAP_MATCHING_RULE_TRANSITIVE_EVAL1.2.840.113556.1.4.19412008 2012 R2
LDAP_MATCHING_RULE_DN_WITH_DATA1.2.840.113556.1.4.22532012 R2

The supported comparison rules are documented for each syntax type in section 3.1.1.2.2.4.

When performing an extensible match search against Active Directory, if the type field of the MatchingRuleAssertion is not specified (RFC 2251 section 4.5.1), the extensible match filter clause is evaluated to "Undefined". The dnAttributes field of the MatchingRuleAssertion is ignored and always treated as if set to false.

We have several Microsoft Active Directory Extensible Match Rules Examples Filtering for Bit Fields

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-3) was last changed on 04-Sep-2014 11:45 by jim