Active Directory Schema
The syntax for an attribute defines the storage representation, byte ordering, and matching rules for comparisons of property types. Whether the attribute value must be a string, a number, or a unit of time is also defined. Every attribute of every object is associated with exactly one syntax. The syntaxes are not represented as objects in the schema, but they are programmed to be understood by Active Directory. The allowable syntaxes in Active Directory are predefined. You cannot add new syntaxes.
When you define a new attribute, you must specify both the attributeSyntax and the oMSyntax numbers of the syntax you want for the attribute. The attributeSyntax number is an object identifier and the oMSyntax number is an integer. The oMSyntax is defined by the XOM specification. This model provides a relatively fine-grained definition of syntax. For example, there are distinct oMSyntax attributes to distinguish among several types of printable strings, according to factors such as the supported character set and whether case is significant. Table 4.4 lists the valid syntaxes for attributes in the Active Directory schema.
Table 4.4 Valid Syntaxes for Attributes in the Active Directory Schema
Syntax¹ | attributeSyntax | oMSyntax | ASN.1-Encoded Object Identifier | Description |
---|---|---|---|---|
Undefined | 2.5.5.0 |  | \x550500 | Not a legal syntax. |
Object(DN-DN) | 2.5.5.1 | 127 | \x550501 | The fully qualified name of an object in the directory. |
String(Object-Identifier) | 2.5.5.2 | 6 | \x550502 | The object identifier. |
Case-Sensitive String | 2.5.5.3 | 27 | \x550503 | General String. Differentiates uppercase and lowercase. |
CaseIgnoreString(Teletex) | 2.5.5.4 | 20 | \x550504 | Teletex. Does not differentiate uppercase and lowercase. |
String(Printable), String(IA5) | 2.5.5.5 | 19, 22 | \x550505 | Printable string or IA5 string. Both character sets are case-sensitive. |
String(Numeric) | 2.5.5.6 | 18 | \x550506 | A sequence of digits. |
Object(DN-Binary) | 2.5.5.7 | 127 | \x550507 | A distinguished name plus a binary large object. |
Boolean | 2.5.5.8 | 1 | \x550508 | TRUE or FALSE values. |
Integer, Enumeration | 2.5.5.9 | 2, 10 | \x550509 | A |
String(Octet) | 2.5.5.10 | 4 | \x55050A | A string of bytes. |
String(UTC-Time), String(Generalized-Time) | 2.5.5.11 | 23, 24 | \x55050B | UTC Time or Generalized-Time. |
String(Unicode) | 2.5.5.12 | 64 | \x55050C | Unicode string. |
Object(Presentation-Address) | 2.5.5.13 | 127 | \x55050D | Presentation address. |
Object(DN-String) | 2.5.5.14 | 127 | \x55050E | A DN-String plus a Unicode string. |
String(NT-Sec-Desc) | 2.5.5.15 | 66 | \x55050F | A Microsoft® Windows NT® Security descriptor. |
LargeInteger | 2.5.5.16 | 65 | \x550510 | A |
String(Sid) | 2.5.5.17 | 4 | \x550511 | Security identifier (SID). |

¹ The oMSyntax names are specified against the syntax numbers to enable correct choice.
Note
A complete syntax specification consists of both the attribute-syntax and the oMSyntax. Whenever more than one oMSyntax can be used with an attribute-syntax, the correct oMSyntax must be used.
Active Directory does not currently enforce character set restrictions for string syntaxes, so if you use attributes with string syntax, use only characters in the standard character set.
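The pairing rule in the note above can be checked mechanically before a schema extension is imported. The following Python code is an added example, not part of the original documentation: it validates attributeSyntax/oMSyntax pairs against Table 4.4 and derives the table's ASN.1-encoded column by BER-encoding the object identifier. The LDIF excerpt and its `example*` attribute names are constructed for illustration and trimmed to the three relevant attributes.

```python
import re
OM_SYNTAX = {  # attributeSyntax -> valid oMSyntax values (Table 4.4; 2.5.5.0 is not legal)
    "2.5.5.1": {127}, "2.5.5.2": {6}, "2.5.5.3": {27}, "2.5.5.4": {20},
    "2.5.5.5": {19, 22}, "2.5.5.6": {18}, "2.5.5.7": {127}, "2.5.5.8": {1},
    "2.5.5.9": {2, 10}, "2.5.5.10": {4}, "2.5.5.11": {23, 24}, "2.5.5.12": {64},
    "2.5.5.13": {127}, "2.5.5.14": {127}, "2.5.5.15": {66}, "2.5.5.16": {65},
    "2.5.5.17": {4},
}

def ber_oid(oid):
    """BER content octets for a dotted OID (the table's ASN.1-encoded column)."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:  # first two arcs share one value
        chunk = [sub & 0x7F]                         # last octet: high bit clear
        while sub := sub >> 7:
            chunk.append(0x80 | (sub & 0x7F))        # earlier octets: high bit set
        out.extend(reversed(chunk))
    return bytes(out)

def check_ldif(text):
    """Return (lDAPDisplayName, reason) for each definition with a bad syntax pair."""
    findings = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(re.findall(r"^(\w+):\s*(.*\S)[ \t]*$", entry, re.M))
        syn, om = attrs.get("attributeSyntax"), attrs.get("oMSyntax", "")
        name = attrs.get("lDAPDisplayName", "?")
        if syn is None:
            continue  # not an attribute definition
        if syn not in OM_SYNTAX:
            findings.append((name, f"{syn} is not a valid attributeSyntax"))
        elif not om.isdigit() or int(om) not in OM_SYNTAX[syn]:
            findings.append((name, f"oMSyntax {om or 'missing'} not valid for {syn} "
                             f"(BER {ber_oid(syn).hex().upper()}): use {sorted(OM_SYNTAX[syn])}"))
    return findings

# Constructed sample input: hypothetical attribute definitions, not from any real schema.
SAMPLE_LDIF = """lDAPDisplayName: exampleBadgeId
attributeSyntax: 2.5.5.12
oMSyntax: 64

lDAPDisplayName: exampleLastSeen
attributeSyntax: 2.5.5.11
oMSyntax: 64

lDAPDisplayName: exampleFlags
attributeSyntax: 2.5.5.0
oMSyntax: 2
"""
if __name__ == "__main__": print(*check_ldif(SAMPLE_LDIF), sep="\n")
```
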