Searching Active Directory

A major function of Active Directory™ is to resolve queries for information for people, as well as configuration information for machines and services. There are several key areas that you should understand if you want to write the most efficient query to Active Directory. These areas include:

• Determining the scope of the query. Does the client need to find properties on objects that might be located anywhere within a forest, or only within one domain, or within a given organizational unit (OU)?
• Determining the depth of the query. Does the query need only go one level or might it cross into other LDAP directories?
• Performance and handling large result sets. How should the client effectively handle the potential of a large result set?
• Determining the best queries. What type of queries will provide the most efficient results? What type of queries should the developer stay away from?
• Understanding the query syntax. ADSI supports both the LDAP syntax as documented in RFC 2254, as well as a subset of SQL.
• Choice of interfaces. ADSI provides both OLE DB support as well as a C/C++ interface called IDirectorySearch. Since ADSI works for multiple namespaces, you can use these interfaces for querying other namespaces such as NDS and Exchange, as well as Active Directory. Namespaces such as those supported in Windows NT® (WinNT://), prior to Windows® 2000 and NetWare 3, do not support these interfaces, since the underlying infrastructure does not support rich query. Since the ActiveX® Data Object (ADO) is a simple scriptable data access object model on top of OLE DB, the OLE DB interfaces work very well for Visual Basic programmers and Web page script writers. The new data access capabilities within Visual Studio 6 and Office applications that take advantage of ADO and OLE DB can now access Active Directory information in the same way they access data from other OLE DB providers, such as SQL Server. However, if a C/C++ developer needs to perform a simple directory search, the IDirectorySearch interface might be more appropriate than the OLE DB interfaces.

The following topics in this section detail how to search Active Directory to ensure your program issues the most efficient query, given the requirements of the client.

• Scope of Query
• Depth of Query
• Performance and Handling Large Result Sets
• Search Filter Syntax
• Query Interfaces
• Distributed Query

For additional information and sample code, see Searching Active Directory in the Active Directory Programmer's Guide.