September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.8. Searching with an Attribute-Scoped Query
Tip
This recipe requires the Windows Server 2003 forest functional level.
Problem
You want to retrieve attributes
of objects that have been set in a
multivalued-linked attribute, such as the member
attribute on group objects. An attribute-scoped
query can do this in a single query, instead of the previous method,
which required multiple.
Solution
Using a graphical user interface
Follow the steps in Recipe 4.3 to enable an LDAP control.
Select the Attribute Scoped Query control (you can select controls by name with the Windows Server 2003 version of LDP). For the Windows 2000 version of LDP, add a control with an OID of 1.2.840.113556.1.4.1504.
For Value, enter the multivalued attribute name (e.g.,
member).Click the Check in button.
Click OK.
From the menu, select Browse → Search.
For BaseDN, type the DN of the object that contains the multivalued DNs.
For Scope, select Base.
For Filter, enter an LDAP filter to match against the objects that are part of the multivalued DN attribute.
Click Run.
Using a command-line interface
At the time of publication of this book, no CLI tools supported attribute-scoped queries.
Using VBScript
At the time of publication of this book, you cannot use
attribute-scoped queries with ADSI, ADO, and VBScript. In an ADO
search, you can use the ADSI
Flags property as part of a Connection object to set the search preference, but there is no way to set the attribute that should be matched, which must be included as part of the ...