Overview#
LDAP_MATCHING_RULE_DN_WITH_DATA is an Extensible Match matching rule with an OID of 1.2.840.113556.1.4.2253, which provides a way to match on portions of values of DN Syntax and Object(DN-Binary).[1]
LDAP_MATCHING_RULE_DN_WITH_DATA Example[2]#
As an example we will use msDS-HasInstantiatedNCs, which is of type DNWithOctetString: the data (binary) portion contains the instanceType of each NC a DSA hosts, and the link itself points to the DN of that NC. This can be represented as “B:8:<InstanceTypeOfNCInHex>:<DNOfNC>”.
For example: “B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=chrisse,DC=com”
Executing a SearchRequest against the Configuration Directory Partition with a filter of:
(msDS-HasInstantiatedNCs:1.2.840.113556.1.4.2253:=B:8:0000000D:CN=Schema,CN=Configuration,DC=corp,DC=Example,DC=com)
The number of search responses returned should equal the number of Windows Server 2003 (or later) DSAs in your AD forest.
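The following is an added example, not code from the original page: it builds and parses the “B:<count>:<hex>:<DN>” form shown above and assembles the extensible-match filter, escaping the assertion value per RFC 4515 so a DN containing filter metacharacters cannot change the filter's structure. The function names are hypothetical, and the count field is taken to be the number of hex characters, as in the page's example.

```python
import re

DN_WITH_DATA_OID = "1.2.840.113556.1.4.2253"  # OID given on this page
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
_VALUE_RE = re.compile(r"B:(\d+):([0-9A-Fa-f]*):(.*)", re.DOTALL)


def format_dn_binary(data: bytes, dn: str) -> str:
    """Render binary data plus a DN as B:<hex char count>:<hex data>:<DN>."""
    hex_data = data.hex().upper()
    return f"B:{len(hex_data)}:{hex_data}:{dn}"


def parse_dn_binary(value: str) -> tuple[bytes, str]:
    """Split a DN-Binary string into (data, dn), checking the declared count."""
    m = _VALUE_RE.fullmatch(value)
    if not m:
        raise ValueError("not a B:<count>:<hex>:<DN> value")
    count, hex_data, dn = int(m.group(1)), m.group(2), m.group(3)
    if count != len(hex_data) or count % 2:
        raise ValueError("declared count does not match the hex data")
    return bytes.fromhex(hex_data), dn


def escape_filter_value(value: str) -> str:
    """RFC 4515: escape backslash, '*', '(', ')' and NUL as \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(attr: str, data: bytes, dn: str) -> str:
    """Build (<attr>:<OID>:=B:<count>:<hex>:<DN>) for a SearchRequest."""
    if not _ATTR_RE.fullmatch(attr):
        raise ValueError("invalid attribute name")
    value = escape_filter_value(format_dn_binary(data, dn))
    return f"({attr}:{DN_WITH_DATA_OID}:={value})"


if __name__ == "__main__":
    # Values taken from the example on this page.
    print(build_filter("msDS-HasInstantiatedNCs", bytes.fromhex("0000000D"),
                       "CN=Schema,CN=Configuration,DC=corp,DC=Example,DC=com"))
```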
More Information#
There might be more information for this subject on one of the following:
- [#1] - 3.1.1.3.4.4.4 LDAP_MATCHING_RULE_DN_WITH_DATA - based on information obtained 2017-06-13
- [#2] - LDAP_MATCHING_RULE_DN_WITH_DATA - based on information obtained 2017-06-13