Overview#
Microsoft Active Directory has Search Filters Limitation in regards to Extensible Match Rules support.Microsoft Active Directory is limited to the following:
| Capability name | OID | AD Version Support |
|---|---|---|
| LDAP_MATCHING_RULE_BIT_AND | 1.2.840.113556.1.4.803 | 2000 2008 2012 |
| LDAP_MATCHING_RULE_BIT_OR | 1.2.840.113556.1.4.804 | 2000 2008 2012 |
| LDAP_MATCHING_RULE_TRANSITIVE_EVAL | 1.2.840.113556.1.4.1941 | 2008 2012 R2 |
| LDAP_MATCHING_RULE_DN_WITH_DATA | 1.2.840.113556.1.4.2253 | 2012 R2 |
The supported comparison rules are documented for each syntax type in section 3.1.1.2.2.4
.
When performing an extensible match search against Active Directory, if the type field of the MatchingRuleAssertion is not specified (RFC 2251 section 4.5.1), the extensible match filter clause is evaluated to "Undefined". The dnAttributes field of the MatchingRuleAssertion is ignored and always treated as if set to false.
We have several Microsoft Active Directory Extensible Match Rules Examples Filtering for Bit Fields
More Information#
There might be more information for this subject on one of the following:- [#1] - 3.1.1.3.1.3.1 Search Filters - based on information obtained 2015610-15-
