There are 23 syntaxes defined in Active Directory. See Syntaxes for Active Directory Attributes.
The following table provides a short list of recommendations.
|Data to store in attribute||Syntax to use||Comment|
|Binary data||OctetString||Use OctetString to store binary data.
An OctetString is an array of bytes.
|Binary data with a DN reference||DNWithOctetString||OctetString containing a binary value and a distinguished name (DN). Active Directory keeps the DN up-to-date.|
|Boolean||Boolean||Use for boolean values.|
|DN Reference||DN||Use to store distinguished names that you want kept up-to-date by Active Directory. When an attribute of DN syntax is created with a valid DN, Active Directory treats the attribute as a reference to the object represented by the DN that was set. If the referenced object is renamed or moved, Active Directory ensures that the attribute reflects the change. If the attribute is reset with a new DN, the attribute is reference to the object represented by the new DN.|
|Integer||Integer||Use for integers.|
|Large Integer (64-bit values)||INTEGER8||Use for 64-bit values.|
|Linked DN||DN||This string syntax can be used for linked DNs. Back links must be of syntax DN. Forward links can be of syntax DN (as well as DNWithString, DNWithBinary, AccessPointDN, or ORName. Linked attributes must have a linkID defined. See the description of linkID in attributeSchema properties.|
|Security Descriptor||ObjectSecurityDescriptor||Octet string containing a security descriptor.|
|Security Identifier (SID)||Sid||Octet string containing a security identifier (SID). Use this syntax to store SID values only.|
|String||DirectoryString||Use for most string attributes. It supports the Unicode
character set. When Active Directory performs comparisons against
attributes of this syntax (such as evaluating a query), it performs
Use the other string syntaxes (IA5String, NumericString, and so on) to store strings that should contain only the specific character sets supported by the syntax.
|String data with a DN reference||DNWithString||OctetString containing a string value and a distinguished name (DN). Active Directory keeps the DN up-to-date.|
|Time||GeneralizedTime||Use the GeneralizedTime syntax to store time values rather than the UTCTime syntax because GeneralizedTime uses four characters for the year and UTCTime uses only two.|