Platform SDK: Active Directory, ADSI, and Directory Services

Syntaxes for Active Directory Attributes

Active Directory defines a set of attribute syntaxes for specifying the type of data contained by an attribute. The predefined syntaxes do not actually appear in the directory, and you cannot add new syntaxes. There are different ways to identify the syntax of an attribute class depending on what you want to do.

To determine the syntax of one of the predefined attribute classes, see the attribute's reference page in the Active Directory Schema Reference section of the Active Directory Reference.

The following tables describe the syntaxes supported by Active Directory and list the corresponding VARTYPE and ADSTYPE constants. There are tables for four syntax groups: simple data types, strings, time formats, and object references.

The following table shows the syntax for simple data types.

Name: Boolean
Description: Boolean. For queries that include attributes of Boolean syntax in a filter, you must specify TRUE or FALSE (for example, myboolattr=TRUE).
attributeSyntax: 2.5.5.8
oMSyntax: 1
VARTYPE: VT_BOOL
ADSTYPE: ADSTYPE_BOOLEAN

Name: Enumeration
Description: Defined by the ITU. Treated as an integer in Active Directory.
attributeSyntax: 2.5.5.9
oMSyntax: 10
VARTYPE: VT_I4
ADSTYPE: ADSTYPE_INTEGER

Name: Integer
Description: 32-bit integer.
attributeSyntax: 2.5.5.9
oMSyntax: 2
VARTYPE: VT_I4
ADSTYPE: ADSTYPE_INTEGER

Name: INTEGER8
Description: Large integer. Use for 64-bit values.
attributeSyntax: 2.5.5.16
oMSyntax: 65
VARTYPE: VT_DISPATCH (QueryInterface for IADsLargeInteger)
ADSTYPE: ADSTYPE_LARGE_INTEGER


The following table shows the syntax for string data types.

Name: CaseExactString
Description: A case-sensitive character string.
attributeSyntax: 2.5.5.3
oMSyntax: 27
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_CASE_EXACT_STRING

Name: CaseIgnoreString
Description: A case-insensitive string containing characters from the teletex character set.
attributeSyntax: 2.5.5.4
oMSyntax: 20
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_CASE_IGNORE_STRING

Name: DirectoryString
Description: A case-insensitive Unicode string.
attributeSyntax: 2.5.5.12
oMSyntax: 64
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_CASE_IGNORE_STRING

Name: IA5String
Description: A case-sensitive string containing characters from the IA5 character set.
attributeSyntax: 2.5.5.5
oMSyntax: 22
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_PRINTABLE_STRING

Name: NTSecurityDescriptor
Description: Octet string containing a Windows NT/Windows 2000 security descriptor.
attributeSyntax: 2.5.5.15
oMSyntax: 66
VARTYPE: VT_DISPATCH (QueryInterface for IADsSecurityDescriptor)
ADSTYPE: ADSTYPE_NT_SECURITY_DESCRIPTOR

Name: NumericString
Description: String containing digits.
attributeSyntax: 2.5.5.6
oMSyntax: 18
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_NUMERIC_STRING

Name: OctetString
Description: Array of bytes. Use OctetString to store binary data.
attributeSyntax: 2.5.5.10
oMSyntax: 4
VARTYPE: VT_UI1 | VT_ARRAY
ADSTYPE: ADSTYPE_OCTET_STRING

Name: OID
Description: An object identifier (OID) string, which is a string containing digits (0-9) and decimal points (.).
attributeSyntax: 2.5.5.2
oMSyntax: 6
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_CASE_IGNORE_STRING

Name: PrintableString
Description: A case-sensitive string containing characters from the printable character set.
attributeSyntax: 2.5.5.5
oMSyntax: 19
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_PRINTABLE_STRING

Name: Sid
Description: Octet string containing a security identifier (SID). Use this syntax to store SID values only.
attributeSyntax: 2.5.5.17
oMSyntax: 4
VARTYPE: VT_UI1 | VT_ARRAY
ADSTYPE: ADSTYPE_OCTET_STRING


The following table shows the syntax for the time data types. If you are defining a new attribute to store time values, use the GeneralizedTime syntax, which uses four characters to represent the year instead of only two. For descriptions of the GeneralizedTime and UTCTime formats, see How To Specify Comparison Values.

Name: GeneralizedTime
Description: A time string format defined by ASN.1 standards. See ISO 8601 and X680. Use this syntax for storing time values in Generalized-Time format.
attributeSyntax: 2.5.5.11
oMSyntax: 24
VARTYPE: VT_DATE
ADSTYPE: ADSTYPE_UTC_TIME

Name: UTCTime
Description: A time string format defined by ASN.1 standards. See ISO 8601 and X680. Use this syntax for storing time values in UTC-Time format.
attributeSyntax: 2.5.5.11
oMSyntax: 23
VARTYPE: VT_DATE
ADSTYPE: ADSTYPE_UTC_TIME


The following table shows the syntax for the object reference data types.

Name: AccessPointDN
Description: From X400.
attributeSyntax: 2.5.5.14
oMSyntax: 127
oMObjectClass: 0x2B0C0287731C00853E

Name: DN
Description: String containing a distinguished name (DN). For attributes with this syntax, Active Directory treats attribute values as references to the object identified by the DN and automatically updates the value if the object is moved or renamed. For queries that include attributes of DN syntax in a filter, you must specify full distinguished names—wildcards (for example, cn=John*) are not supported.
attributeSyntax: 2.5.5.1
oMSyntax: 127
oMObjectClass: 0x2B0C0287731C00854A
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_DN_STRING

Name: DNWithBinary
Description: An OctetString containing a binary value and a distinguished name (DN). A value with this syntax has the following format:

B:CharCount:binaryvalue:ObjectDN

where binaryvalue is the hexadecimal representation of the binary value, CharCount is the number of hexadecimal digits in binaryvalue, and ObjectDN is a distinguished name. Active Directory automatically updates the DN if the object that it refers to is moved or renamed. For an example that uses this syntax, see Enabling Rename-safe Binding with the otherWellKnownObjects Property.

attributeSyntax: 2.5.5.17
oMSyntax: 127
oMObjectClass: 0x2A864886F7140101010B
VARTYPE: VT_DISPATCH (QueryInterface for IADsDNWithBinary)
ADSTYPE: ADSTYPE_DN_WITH_BINARY

Name: DNWithString
Description: An OctetString containing a string value and a distinguished name (DN). A value with this syntax has the following format:

S:CharCount:stringvalue:ObjectDN

where CharCount is the number of characters in the stringvalue string, and ObjectDN is a distinguished name of an object in Active Directory. Active Directory automatically updates the DN if the object that it refers to is moved or renamed.

attributeSyntax: 2.5.5.14
oMSyntax: 127
oMObjectClass: 0x2A864886F7140101010C
VARTYPE: VT_DISPATCH (QueryInterface for IADsDNWithString)
ADSTYPE: ADSTYPE_DN_WITH_STRING

Name: ORName
Description: From X400.
attributeSyntax: 2.5.5.7
oMSyntax: 127
oMObjectClass: 0x56060102050B1D

Name: PresentationAddress
Description: A string for containing OSI presentation addresses.
attributeSyntax: 2.5.5.13
oMSyntax: 127
oMObjectClass: 0x2B0C0287731C00855C
VARTYPE: VT_BSTR
ADSTYPE: ADSTYPE_CASE_IGNORE_STRING

Name: ReplicaLink
Description: System only. Used by Active Directory.
attributeSyntax: 2.5.5.10
oMSyntax: 127
oMObjectClass: 0x2A864886F71401010106
VARTYPE: VT_VARIANT
ADSTYPE: ADSTYPE_OCTET_STRING
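
The DNWithBinary and DNWithString value formats described above (B:CharCount:binaryvalue:ObjectDN and S:CharCount:stringvalue:ObjectDN) can be parsed as follows. This Python code is an added example and is not part of the SDK documentation. The names parse_dn_with_value and DNSyntaxError and the sample values are hypothetical, and CharCount is assumed to be a decimal number compared against Python string length.

```python
# Added example, not SDK code. Sample values are constructed.
HEX_DIGITS = set("0123456789abcdefABCDEF")


class DNSyntaxError(ValueError):
    """Value does not follow the B:/S: CharCount framing."""


def parse_dn_with_value(raw):
    """Parse 'B:CharCount:binaryvalue:ObjectDN' or
    'S:CharCount:stringvalue:ObjectDN'.

    Returns (kind, value, dn): value is bytes for 'B', str for 'S'.
    """
    parts = raw.split(":", 2)
    if len(parts) != 3 or parts[0] not in ("B", "S"):
        raise DNSyntaxError("expected B: or S: followed by CharCount")
    kind, count_text, rest = parts
    if not (count_text.isascii() and count_text.isdigit()):
        raise DNSyntaxError("CharCount must be decimal digits")
    count = int(count_text)
    # Locate the end of the value with CharCount, never by searching for
    # the next ':'. A DNWithString value may itself contain colons.
    # Assumption: CharCount is compared against Python's str length.
    if len(rest) <= count or rest[count] != ":":
        raise DNSyntaxError("CharCount does not match the value length")
    value, dn = rest[:count], rest[count + 1:]
    if not dn:
        raise DNSyntaxError("missing ObjectDN")
    if kind == "B":
        if count % 2 or any(c not in HEX_DIGITS for c in value):
            raise DNSyntaxError("binaryvalue must be whole hex bytes")
        value = bytes.fromhex(value)
    return kind, value, dn


# Constructed samples: a 16-byte binary value, and a string value that
# contains colons and would be mis-split by a naive raw.split(":").
SAMPLE_BINARY = "B:32:00112233445566778899AABBCCDDEEFF:CN=Example,DC=example,DC=com"
SAMPLE_STRING = "S:9:a:b:c:d:e:CN=Target,DC=example,DC=com"

if __name__ == "__main__":
    for sample in (SAMPLE_BINARY, SAMPLE_STRING):
        print(parse_dn_with_value(sample))
```

Rejecting values whose CharCount disagrees with the actual value length keeps a malformed or truncated entry from being read as pointing at a different ObjectDN.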