| Platform SDK: Active Directory, ADSI, and Directory Services |
Both the objectCategory and objectClass attributes can be used to refer to a given schema class of a directory object. However, there is an important distinction in semantics between the two. (objectClass=foo) refers to such directory objects in which foo represents any class in the object's class hierarchy. (objectCategory=foo), on the other hand, refers to those directory objects in which foo identifies a specific class in the object's class hierarchy. objectClass can take multiple values whereas objectCategory takes a single value and is, thus, better suited for type matching of objects in a directory search. ADSI uses this as the default matching criterion. Searches using one objectClass are not scalable to large databases. ADSI supports (objectCategory=SomeDN) and (objectCategory=Ldap_Display_Name_of_Class), for example, (objectCategory=user). The exception to all of this is that the LDAP search filter (objectClass=*) does not specify a search on object class, but merely tests for the presence of the objects.