!!! Overview [1]
The [{$pagename}] [SupportedControl] is used with an extended [LDAP] [SearchRequest] to request an extended form of a [Microsoft Active Directory] object's [Distinguished Names] ([DN]). The extended form includes a string representation of the object's [ObjectGUID] property. For [Security Principal Objects], the extended form also includes a [string] representation of the object's [objectSID] property.

!! Usage
To use this [SupportedControl], set the members of the LDAPControl structure as follows:
* PWCHAR ldctl_oid = LDAP_SERVER_EXTENDED_DN_OID = [1.2.840.113556.1.4.529]
* struct berval ldctl_value
* [Boolean] ldctl_iscritical

! ldctl_oid
ldctl_oid=[1.2.840.113556.1.4.529]

! ldctl_value
Specifies the [BER]-encoded sequence of parameters that enables the application to specify the string format of the returned [ObjectGUID] and [objectSID]. In the berval structure, set bv_val to a pointer to the sequence that contains the flag data and set bv_len to the length of the sequence. For more information, see the Remarks section.

! ldctl_iscritical
ldctl_iscritical can be TRUE or FALSE depending on whether the search is critical to your application.

!! Remarks
The Extended DN Control lets the client request that an LDAP search using this control return the GUID and [objectSID] data of an object along with the object's distinguishedName, in the following form:
{{{
<GUID=xxxxxxxx>;<SID=yyyyyyyy>;distinguishedName
}}}
Where
* xxxxxxxx is a string that contains the [ObjectGUID]
* yyyyyyyy is a string that contains the [objectSID]
* distinguishedName is the [DN], as in "cn=users,dc=fabrikam,dc=com".

The GUID and DN are always present; the [objectSID] is present only for security principals.

The ldctl_value field specifies the string format of the returned GUID and [objectSID] values, and is set to the following BER-encoded sequence:
{{{
Sequence {
    Flag    INTEGER
}
}}}
An ldctl_value of 0 specifies that the [ObjectGUID] and [objectSID] values be returned in hexadecimal string format such as "<GUID=3BC72D2DEC5A704BBDC21F4EF97B7870>" and "<SID=0105000000000005150000005951B81766725D2564633B0B9B602C00>". An ldctl_value of 1 returns the [ObjectGUID] and [objectSID] values in standard string format such as "<GUID=098f2470-bae0-11cd-b579-08002b30bfeb>" and "<SID=S-1-5-21-397955417-626881126-188441444-2908315>".

When sending this control to a Windows 2000 operating system DC, the ldctl_value field is omitted. When sending this control to any of:
* [Windows Server 2003] DC
* [Windows Server 2008] DC
* [Windows Server 2008 R2] DC
* [Windows Server 2012] DC
* [Windows Server 2012 R2] DC
the ldctl_value field is either omitted or is set to one of the following:
* 0 - the DC returns the values of the [objectGUID] and [objectSID] attributes as a [hexadecimal] representation of their [binary] format.
* 1 - the DC returns the [GUID] in dashed-string format ([RFC 4122] section 3) and the [objectSID] in [SDDL] [objectSID] string format ([MS-DTYP] section 2.4.2.1). The returned [SDDL] SID string begins with "S-".
* neither 0 nor 1 - then it does not conform with the specification of this [SupportedControl]. (Whatever that means)

!! [Examples] [2]
For example, setting ldctl_value to 0 (or omitting the controlValue field) might return the following extended DN:
{{{
<GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com
}}}
While setting ldctl_value to 1 would return the same object's extended DN in the following form:
{{{
<GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com
}}}

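The following Python sketch is an added example, not code from the referenced Microsoft documentation. It builds the minimal BER encoding of the flag sequence and parses an extended DN in either format, normalizing the hexadecimal GUID and SID to their string forms so that results obtained with flag 0 and flag 1 can be correlated. The function names are hypothetical, and the binary layouts assumed are the little-endian GUID fields and the [MS-DTYP] SID structure.

```python
import re
import struct
import uuid

# Samples copied from the Examples section of this page.
HEX_FORM = ("<GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;"
            "<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;"
            "CN=Administrator, CN=Users,DC=Fabrikam,DC=com")
STRING_FORM = ("<GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;"
               "<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;"
               "CN=Administrator, CN=Users,DC=Fabrikam,DC=com")
_EXT_DN = re.compile(r"^<GUID=([^>]+)>;(?:<SID=([^>]+)>;)?(.*)$", re.S)

def encode_flag(flag):
    """Minimal BER encoding of Sequence { Flag INTEGER } for ldctl_value."""
    if flag not in (0, 1):
        raise ValueError("only 0 (hex) and 1 (string) are defined")
    return bytes([0x30, 0x03, 0x02, 0x01, flag])

def guid_to_string(value):
    """Dashed GUID from either form; hex form is the binary objectGUID."""
    if "-" in value:
        return str(uuid.UUID(value))
    return str(uuid.UUID(bytes_le=bytes.fromhex(value)))

def sid_to_string(value):
    """S-... string from either form; hex form is the binary objectSID."""
    if value.upper().startswith("S-"):
        return value.upper()
    raw = bytes.fromhex(value)
    # Binary SID: revision, sub-authority count, 6-byte big-endian
    # authority, then count little-endian 32-bit sub-authorities.
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match sub-authority count")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    parts = [raw[0], int.from_bytes(raw[2:8], "big"), *subs]
    return "S-" + "-".join(str(p) for p in parts)

def parse_extended_dn(text):
    """Split an extended DN and normalize GUID and SID to string form."""
    m = _EXT_DN.match(text)
    if m is None:
        raise ValueError("not an extended DN")
    guid, sid, dn = m.groups()
    return {"guid": guid_to_string(guid),
            "sid": sid_to_string(sid) if sid else None,
            "dn": dn}

if __name__ == "__main__":
    print(parse_extended_dn(HEX_FORM) == parse_extended_dn(STRING_FORM))
```

Both sample strings normalize to the same record, which confirms that the two examples on this page describe the same object.
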
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [LDAP_SERVER_EXTENDED_DN_OID|http://msdn.microsoft.com/en-us/library/aa366980(v=vs.85).aspx|target='_blank'] - based on information obtained 2014-11-25
* [#2] - [LDAP_SERVER_EXTENDED_DN_OID|http://msdn.microsoft.com/en-us/library/cc223349.aspx|target='_blank'] - based on information obtained 2014-11-25