Directory Services


The LDAP_SERVER_VERIFY_NAME_OID control is used with extended LDAP add and modify requests to instruct the DC accepting the update which DC it should verify with, the existence of any DN attribute values.

To use this control, set the members of the LDAPControl structure as follows:

struct berval ldctl_value;
BOOLEAN ldctl_iscritical;


A pointer to a wide, null-terminated string, LDAP_SERVER_VERIFY_NAME_OID, which is defined as "1.2.840.113556.1.4.1338".
Specifies a BER-encoded sequence of parameters that allows the application to specify a specific server to perform the search function. In the berval structure, set bv_val to a pointer to the sequence containing the flag and server name data and set bv_len to the length of the sequence. For more information, see the Remarks section of this topic.
Can be TRUE or FALSE depending on whether the extended search function is critical to your application.


The Verify Name control is used with the extended search functions, such as ldap_search_ext, to specify the specific server used to verify an object's existence. The ldctl_value field is set to the following BER-encoded sequence:

Sequence {
  Flags		INTEGER
  ServerName   OCTET STRING \\Unicode server string

The ber_printf routine is used to create the sequence data. The flags portion is set to 0, and the ServerName is a Unicode string that contains the fully qualified DNS name of the server to contact for verification.

When a DN valued attribute is updated with new values, the DC on which the update occurs verifies that an object with the new DN exists somewhere in the forest. The DC will first check to see if the object is held locally, and failing that, the DC will find a GC and ask the GC if it knows about an object with the new DN.

Applications will sometimes need to create an object and at the same time update an attribute on another existing object to add a reference to the newly created object. If both object are on same DC, the application can create the new object and then modify the second object's attribute (adding a reference to the first object) without having to consider replication update times.

However, if the two objects are in different domains and therefore held on two different DCs, when the application attempts to modify the attribute of the second object to add a reference to the first newly created object, it is impossible for the application to know if sufficient time has passed for the newly created object to replicate to the GC used by the second object. The LDAP_SERVER_VERIFY_NAME_OID control allows the application to specify the DN of the newly created object so the verification check performed by the attribute update call of the second object does not fail due to replication update lag.


Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Winldap.h.

See Also

Using Controls