Microsoft Active Directory Syntax


Microsoft Active Directory Syntax are LDAPSyntaxes that are specific to Microsoft Active Directory

Microsoft Active Directory Syntax is a mess.#

Way to many different types of references to the same thing. Microsoft appears to refuse to follow the standards for formatting LDAPSyntaxes, AttributeTypes, and ObjectClasses. You must go to many pages on their sites to figure out what how this attribute should be determined.

Ldapwiki's Best Effort#

The LDAPSyntaxes supported by Domain Controllers are as shown in the following table. The set of syntaxes supported is NOT extensible by schema modifications. Each syntax is identified by the combination of the attributeSyntax, oMSyntax and, in select cases, oMObjectClass attributes of an attributeSchema object. The cases for which oMObjectClass is not used are indicated by the presence of a hyphen in the oMObjectClass column in the table. The combinations shown in the following table are exhaustive; this table is consistent and identical for Windows Server 2000 operating system and later.

While oMObjectClass conceptually contains an object identifier (OID), it is declared in the schema as String(Octet) syntax, requiring that values read from and written to it be expressed as the Basic Encoding Rules (BER) encoding of the OID. In the table, both the BER-encoded form and the dotted string form of the OID are given.

NAME Microsoft Active DirectorySyntax OIDoMSyntaxRFC 2252ADsType NameoMObjectClassComment
DistinguishedName (a.k.a. Distinguished Name
or DN String or Object(DS-DN) and is a DN Syntax) (DN)ADSTYPE_DN_STRING1. Automation string
Case-sensitive String2.5.5.3271. (Binary)ADSTYPE_CASE_EXACT_STRING OLE Automation string
telex2.5.5.420 1.2.840.113556.1.4.905ADSTYPE_CASE_IGNORE_STRING OLE Automation string
IA5 String2.5.5.5221. (IA5 String)ADSTYPE_CASE_IGNORE_STRING OLE Automation string
Numeric String2.5.5.6181. (Numeric String)ADSTYPE_NUMERIC_STRING OLE Automation string
DNWithOctetString is a DN Syntax2.5.5.71271.2.840.113556.1.4.903ADSTYPE_DN_WITH_BINARY1.2.840.113556.
OR-Name2.5.5.71271.2.840.113556.1.4.1221ADSTYPE_CASE_IGNORE_STRING2. Automation string
Boolean2.5.5.811. (Boolean)ADSTYPE_BOOLEAN True=-1, False=0
Enumeration2.5.5.9101. (Integer)ADSTYPE_INTEGER 4-byte signed int
Integer2.5.5.9101. (Integer)ADSTYPE_INTEGER 4-byte signed int
Octet string2.5.5.1041. (Binary)ADSTYPE_OCTET_STRING VARIANT
Replica Link2.5.5.101271. (Binary)ADSTYPE_OCTET_STRING1.2.840.113556.
GeneralizedTime2.5.5.11241. (Generalized Time)ADSTYPE_UTC_TIME date
UTC Time2.5.5.11231. (UTC Time)ADSTYPE_UTC_TIME date
Directory String2.5.5.12641. (Directory String)ADSTYPE_CASE_IGNORE_STRING OLE Automation string
Presentation Address2.5.5.131271. (Presentation Address)ADSTYPE_CASE_IGNORE_STRING1. Automation string
DNWithString is a DN Syntax2.5.5.141271.2.840.113556.1.4.904ADSTYPE_DN_WITH_STRING1.2.840.113556.
Access Point2.5.5.141271. Automation string
NT-Sec-Desc2.5.5.15661.2.840.113556.1.4.907ADSTYPE_NT_SECURITY_DESCRIPTOR IDispatch
Large integer2.5.5.16651. (Integer)ADSTYPE_LARGE_INTEGER IDispatch
SID string2.5.5.1741. VARIANT

More Information#

There might be more information for this subject on one of the following: