Overview#Microsoft Active Directory has Search Filters Limitation in regards to Extensible Match Rules support.
Microsoft Active Directory is limited to the following:
|Capability name||OID||AD Version Support|
|LDAP_MATCHING_RULE_BIT_AND||1.2.840.1135184.108.40.2063||2000 2008 2012|
|LDAP_MATCHING_RULE_BIT_OR||1.2.840.1135220.127.116.114||2000 2008 2012|
|LDAP_MATCHING_RULE_TRANSITIVE_EVAL||1.2.840.113518.104.22.1681||2008 2012 R2|
The supported comparison rules are documented for each syntax type in section 22.214.171.124.2.4.
When performing an extensible match search against Active Directory, if the type field of the MatchingRuleAssertion is not specified (RFC 2251 section 4.5.1), the extensible match filter clause is evaluated to "Undefined". The dnAttributes field of the MatchingRuleAssertion is ignored and always treated as if set to false.