!!! Overview
[{$pagename}] are [Example] [LDAP SearchFilters] that reveal the [Microsoft Active Directory] [LDAP Schema] for your [AD Forest]

%%information
Below examples show linefeeds ONLY for clarification 
%%

!! [LDAP Schema]: Operational [Constructed Attributes]
[Constructed Attributes] have the [FLAG_ATTR_IS_CONSTRUCTED] set for [SystemFlags]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?cn,lDAPDisplayName,linkID,objectClass?sub?(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))
# command line :
ldapsearch -H ldaps://example-dcdc.example.com:636 
    -x 
    -D "administrator@example.com" -W 
    -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
    -s sub 
    -a always 
    -z 1000 
    "(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=4))" 
    "cn" "lDAPDisplayName" "linkID" "objectClass"
}}}

!! [LDAP Schema]: NOT Replicated Attributes
Results of this query have the [FLAG_ATTR_NOT_REPLICATED] set for [SystemFlags]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(&(objectCategory=attributeSchema)(systemFlags:1.2.840.113556.1.4.803:=1))" 
  "lDAPDisplayName" "cn" "objectClass"
}}}

!! [LDAP Schema]: [Linked Attributes]
This [LDAP SearchFilter] reveals the [Linked Attributes] defined within the [Microsoft Active Directory] Schema.

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?cn,lDAPDisplayName,linkID,objectClass?sub?(linkID=*)
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(linkID=*)" 
  "cn" "lDAPDisplayName" "linkID" "objectClass"
}}}

!! [LDAP Schema]: [LDAP Indexed|LDAP Indexes] [AttributeTypes]
This [LDAP SearchFilter] reveals the [Attributes] defined within the [Microsoft Active Directory] Schema which part of a [LDAP Indexes]
[Confidential] [Attributes] have the [SearchFlags] [Bit] set as [fATTINDEX]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=1)
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(searchFlags:1.2.840.113556.1.4.803:=1)" 
  "lDAPDisplayName" "cn" "objectClass"
}}}

!! [LDAP Schema]: [Confidential] [Attributes]
[Confidential] [Attributes] have the [SearchFlags] [Bit] set as [fCONFIDENTIAL]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=128)
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(searchFlags:1.2.840.113556.1.4.803:=128)" 
  "lDAPDisplayName" "cn" "objectClass"
}}}

!! [LDAP Schema]: [Attributes] in the [Global Catalog]
[Attributes] in the [Global Catalog] have the value of [isMemberOfPartialAttributeSet] set to [TRUE]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" 
  "lDAPDisplayName" "cn" "objectClass"
}}}

!! [LDAP Schema]: [Ambiguous Name Resolution] ([ANR])
[Ambiguous Name Resolution] [Attributes] have the [SearchFlags] [Bit] set as [fANR]

{{{
# LDAP URL     : ldaps://example-dcdc.example.com:636/CN=Schema,CN=Configuration,DC=root-example,DC=com?lDAPDisplayName,cn,objectClass?sub?(searchFlags:1.2.840.113556.1.4.803:=4)
# command line : 
ldapsearch 
  -H ldaps://example-dcdc.example.com:636 
  -x 
  -D "administrator@example.com" 
  -W 
  -b "CN=Schema,CN=Configuration,DC=root-example,DC=com" 
  -s sub 
  -a always 
  -z 1000 
  "(searchFlags:1.2.840.113556.1.4.803:=4)" 
  "lDAPDisplayName" "cn" "objectClass"
}}}


!! All objects which can't be deleted:
{{{(systemFlags:1.2.840.113556.1.4.803:=-2147483648)}}}

!! All objects which can't be renamed#
{{{(systemFlags:1.2.840.113556.1.4.803:=134217728)}}}

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]