This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] are [Example] [LDAP SearchFilters] that reveal the [Microsoft Active Directory] [LDAP Schema] for your [AD Forest]
%%information
The examples below are broken across lines ONLY for readability; each ldapsearch invocation is a single command
%%
!! [LDAP Schema]: Operational [Constructed Attributes]
[Constructed Attributes] have the [FLAG_ATTR_IS_CONSTRUCTED] [Bit] set in [SystemFlags]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?cn,lDAPDisplayName,linkID,objectClass?sub?(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))" \
  "cn" "lDAPDisplayName" "linkID" "objectClass"
}}}
!! [LDAP Schema]: NOT Replicated Attributes
Attributes returned by this query have the [FLAG_ATTR_NOT_REPLICATED] [Bit] set in [SystemFlags]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))" \
  "lDAPDisplayName" "cn" "objectClass"
}}}
!! [LDAP Schema]: [Linked Attributes]
This [LDAP SearchFilter] reveals the [Linked Attributes] defined within the [Microsoft Active Directory] Schema.
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?cn,lDAPDisplayName,linkID,objectClass?sub?(linkID=*)
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(linkID=*)" \
  "cn" "lDAPDisplayName" "linkID" "objectClass"
}}}
!! [LDAP Schema]: [LDAP Indexed|LDAP Indexes] [AttributeTypes]
This [LDAP SearchFilter] reveals the [Attributes] defined within the [Microsoft Active Directory] Schema that are part of the [LDAP Indexes]
[LDAP Indexed|LDAP Indexes] [Attributes] have the [SearchFlags] [Bit] set as [fATTINDEX]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=1)
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(searchFlags:1.2.840.113556.1.4.803:=1)" \
  "lDAPDisplayName" "cn" "objectClass"
}}}
!! [LDAP Schema]: [Confidential] [Attributes]
[Confidential] [Attributes] have the [SearchFlags] [Bit] set as [fCONFIDENTIAL]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=128)
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(searchFlags:1.2.840.113556.1.4.803:=128)" \
  "lDAPDisplayName" "cn" "objectClass"
}}}
!! [LDAP Schema]: [Attributes] in the [Global Catalog]
[Attributes] in the [Global Catalog] have the value of [isMemberOfPartialAttributeSet] set to [TRUE]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" \
  "lDAPDisplayName" "cn" "objectClass"
}}}
!! [LDAP Schema]: [Ambiguous Name Resolution] ([ANR])
[Ambiguous Name Resolution] [Attributes] have the [SearchFlags] [Bit] set as [fANR]
{{{
# LDAP URL : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=4)
# command line :
ldapsearch \
  -H ldaps://example-dcdc.example.com:636 \
  -x \
  -D "administrator@example.com" \
  -W \
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" \
  -s sub \
  -a always \
  -z 1000 \
  "(searchFlags:1.2.840.113556.1.4.803:=4)" \
  "lDAPDisplayName" "cn" "objectClass"
}}}
!! All objects which can't be deleted
{{{(systemFlags:1.2.840.113556.1.4.803:=-2147483648)}}}
!! All objects which can't be renamed
{{{(systemFlags:1.2.840.113556.1.4.803:=134217728)}}}
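Every flag filter above uses the bitwise-AND matching rule (OID 1.2.840.113556.1.4.803), which matches only when all bits of the filter value are set in the attribute. The following is an added example, not part of the original page: POSIX shell helpers that build such a filter, emulate the rule locally, and show why the top-bit [SystemFlags] mask is written as -2147483648 (a signed 32-bit value). The function names and the sample rows are constructed for illustration.

```shell
# Added example: helpers for the bitwise-AND matching rule used on this page.
BIT_AND_OID="1.2.840.113556.1.4.803"

# systemFlags and searchFlags are signed 32-bit integers, so a mask with the
# top bit set (0x80000000) has to be written as a negative decimal.
to_int32() (
  v=$(( $1 & 0xFFFFFFFF ))
  [ "$v" -ge 2147483648 ] && v=$(( v - 4294967296 ))
  echo "$v"
)

# Build "(attr:OID:=mask)" from an attribute name and a hex or decimal mask.
bit_and_filter() {
  echo "($1:${BIT_AND_OID}:=$(to_int32 "$2"))"
}

# Emulate the rule locally: succeeds only when every mask bit is set in value.
bit_and_match() (
  value=$(( $1 & 0xFFFFFFFF ))
  mask=$(( $2 & 0xFFFFFFFF ))
  [ $(( value & mask )) -eq "$mask" ]
)

# Decode a searchFlags value into the three flag names this page queries for.
decode_search_flags() (
  out=""
  bit_and_match "$1" 1   && out="$out fATTINDEX"
  bit_and_match "$1" 4   && out="$out fANR"
  bit_and_match "$1" 128 && out="$out fCONFIDENTIAL"
  echo "${out# }"
)

# Constructed sample rows "<lDAPDisplayName> <searchFlags>" (not real schema data).
SAMPLE_ROWS="exampleNickname 5
exampleRecoveryKey 136
exampleNotes 0
exampleBadgeId 129"

# Read rows on stdin and print the names whose value has every bit of mask $1.
select_by_mask() {
  while read -r name value; do
    bit_and_match "$value" "$1" && echo "$name"
  done
  return 0
}

bit_and_filter systemFlags 0x80000000                 # the "can't be deleted" filter
printf '%s\n' "$SAMPLE_ROWS" | select_by_mask 128     # confidential sample rows
```

To decode real schema entries the same way, add "searchFlags" or "systemFlags" to the attribute list of the ldapsearch commands above.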
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]