Directory Services

Creating a Query Filter

A query filter tells Active Directory which data to find, expressed in LDAP query syntax. All of the data access technologies listed in the Choosing the Data Access Technology topic support LDAP query syntax.

The LDAP query syntax is as follows:

<expression><expression>…

A filter can contain one or more expressions. An expression has the following form:

(<logicaloperator><comparison><comparison…>)

where <logicaloperator> is one of the following.

Logical operator Description
| OR
& AND
! NOT

and <comparison> is the following:

(<attribute><operator><value>)

where <attribute> is the lDAPDisplayName of the attribute to evaluate, <value> is the value to compare against, and <operator> is one of the following comparison operators.

Comparison operator Description
= Equals
~= Approximately equals
<= Less than or equal to
>= Greater than or equal to

In addition, depending on the attribute syntax, the <value> may contain the wildcard symbol (*). Be aware that a <value> containing only * checks for the existence of the <attribute>.

If any of the following special characters must appear in the query filter as literals, they must be replaced by the listed escape sequence.

ASCII character Escape sequence substitute
* \2a
( \28
) \29
\ \5c
NUL \00

In addition, arbitrary binary data may be represented using the escape sequence syntax by encoding each byte of binary data with the backslash followed by two hexadecimal digits. For example, the four-byte value 0x00000004 is encoded as \00\00\00\04 in a filter string.
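The escaping rules above, applied in code. This is an added example, not part of the original documentation: it escapes a value so it is matched literally rather than parsed as filter syntax, and encodes binary data byte by byte. The function names are assumptions made for the example, and the sample values and the attributes cn and objectCategory are constructed.

```python
# Added example: apply the escape table before a value is placed in a filter.
# Function names are hypothetical; sample inputs are constructed.
ESCAPES = {
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\\": r"\5c",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Replace each special character with its escape sequence.

    Mapping one character at a time means the backslashes produced by an
    earlier substitution are never escaped a second time.
    """
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def encode_binary_value(data: bytes) -> str:
    """Encode every byte as a backslash followed by two hexadecimal digits."""
    return "".join(f"\\{b:02x}" for b in data)


def comparison(attribute: str, operator: str, value: str) -> str:
    """Build (<attribute><operator><value>) from an escaped or encoded value."""
    if operator not in ("=", "~=", "<=", ">="):
        raise ValueError(f"unsupported comparison operator: {operator!r}")
    return f"({attribute}{operator}{value})"


def combine(logical_operator: str, *comparisons: str) -> str:
    """Build (<logicaloperator><comparison>...) from finished comparisons."""
    if logical_operator not in ("&", "|", "!"):
        raise ValueError(f"unsupported logical operator: {logical_operator!r}")
    return f"({logical_operator}{''.join(comparisons)})"


if __name__ == "__main__":
    name = "Smith (Contractor) *"  # constructed input with special characters
    print(combine("&",
                  comparison("objectCategory", "=", "person"),
                  comparison("cn", "=", escape_filter_value(name))))
    print(encode_binary_value(bytes.fromhex("00000004")))
```

Escape only the value, never the whole filter string. An intentional wildcard is appended after escaping, for example escape_filter_value(prefix) + "*".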