Using Directory Service Queries

Querying a directory service using ADSI is similar to querying a database. Because the potential amount of information to be searched could be millions of data elements (or more), a good query strategy allows you to limit your search in various ways. ADSI uses the following concepts in defining a search:

Base DN

The root node of a search. The base DN (distinguished name) must be a fully qualified name in the form: "WinNT://MyDomain/MyServer/User" or "WinNT://MyDomain/MyServer/MyPrintQueue". (DNs are not case sensitive. The use of capital letters in the preceding examples is for clarity only.)

Filter

A string that specifies the criteria to be met by the objects to be returned in a query. This string is in LDAP search filter format, as described in RFC 1960. More information about this can be found in the document ftp://ds.internic.net/rfc/rfc1960.txt. For more information on using a search filter, see Using a Search Filter.

Attribute or Property List

Identifying those attributes of interest allows the search to ignore all other attributes of the object.

Scope

In a directory hierarchy, you need to choose the beginning entry of the search and decide if you want to search recursively through all branches of that node. Scope is one of the values "Base", "OneLevel", or "SubTree", which are defined in ADS_SCOPE_* constants.

Preference

Search preference includes other ways to limit a query. A search preference set allows you to indicate limits such as the size of the query result, time limits, whether or not to dereference aliases during the search, whether to use secure authentication and other limits.

To use ADSI to query a directory service, you can use IDirectorySearch or the ADSI OLE DB provider. For more information, see Using the ADSI OLE DB Provider for Searches or Using IDirectorySearch for Querying.