You can specify the scope of a search as either a base,
one-level, or subtree search. Use the ADS_SEARCHPREF_SEARCH_SCOPE
flag with the values of the ADS_SCOPEENUM enumeration to
specify the search scope. The following list includes descriptions
of the search types:
Base. A base search limits the search to the base
object. The maximum number of objects returned is always one. This
search is useful to verify the existence of an object for
retrieving group membership. For example, if you have an object
distinguished name, and you must verify the object's existence
based on the path, you can use a one-level search. If the search
fails, you can assume that the object may have been renamed or
moved to a different location, or you were given the wrong
information about the object. Be aware that you should store the
globally unique identifier (GUID) of the object instead of the
distinguished name, if you wish to revisit an object. The GUID will
always reference the same object, regardless of where the object is
located within the directory hierarchy.
One-level. A one-level search is restricted to the
immediate children of a base object, but excludes the base object
itself. This setting can perform a targeted search for immediate
child objects of a parent object. For example, consider a parent
object P1 and its immediate children: C1, C2, and C3. A one-level
search evaluates C1, C2, and C3 against the search criteria, but
does not evaluate P1. Use a one-level search to enumerate all
children of an object. An IADsContainer enumeration
translates to a one-level search.
Subtree. A subtree search (or a deep search) includes
all child objects as well as the base object. You can request the
LDAP provider to chase referrals to other LDAP directory services,
including other Active Directory domains or forests.