Directory Services

Syntaxes for Active Directory Attributes

Active Directory defines a set of attribute syntaxes for specifying the type of data contained by an attribute. The predefined syntaxes do not actually appear in the directory, and you cannot add new syntaxes. Several methods can be used to identify the syntax of an attribute class:

For more information about how to determine the syntax of one of the predefined attribute classes, see the attribute reference page in the Active Directory Schema Reference section of the Active Directory Reference.

The following tables describe the syntaxes supported by Active Directory and list the corresponding VARTYPE and ADSTYPE constants. There are tables for four syntax groups: simple data types, strings, time formats, and object references.

The following table lists the syntax for simple data types.

Name Description
Boolean Boolean. For queries that include attributes of Boolean syntax in a filter, specify TRUE or FALSE (for example, myboolattr=TRUE).
Syntax type Value
attributeSyntax 2.5.5.8
oMSyntax 1
VARTYPE VT_BOOL
ADSTYPE ADSTYPE_BOOLEAN
Enumeration Defined by the ITU. Treated as an integer in Active Directory.
Syntax type Value
attributeSyntax 2.5.5.9
oMSyntax 10
VARTYPE VT_I4
ADSTYPE ADSTYPE_INTEGER
Integer 32-bit integer.
Syntax type Value
attributeSyntax 2.5.5.9
oMSyntax 2
VARTYPE VT_I4
ADSTYPE ADSTYPE_INTEGER
LargeInteger Large integer. Use for 64-bit values.
Syntax type Value
attributeSyntax 2.5.5.16
oMSyntax 65
VARTYPE VT_DISPATCH (QueryInterface for IADsLargeInteger)
ADSTYPE ADSTYPE_LARGE_INTEGER

The following table lists the syntax for string data types.

Name Description
String(IA5) A case-sensitive string that contains characters from the IA5 character set.
Syntax type Value
attributeSyntax 2.5.5.5
oMSyntax 22
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_PRINTABLE_STRING
String(NT-Sec-Desc) Octet string that contains a Windows NT/Windows 2000 security descriptor.
Syntax type Value
attributeSyntax 2.5.5.15
oMSyntax 66
VARTYPE VT_DISPATCH (QueryInterface for IADsSecurityDescriptor)
ADSTYPE ADSTYPE_NT_SECURITY_DESCRIPTOR
String(Numeric) String that contains digits.
Syntax type Value
attributeSyntax 2.5.5.6
oMSyntax 18
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_NUMERIC_STRING
String(Object-Identifier) An OID string, which is a string that contains digits (0-9) and decimal points (.).
Syntax type Value
attributeSyntax 2.5.5.2
oMSyntax 6
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_CASE_IGNORE_STRING
String(Octet) Array of bytes. Use OctetString to store binary data.
Syntax type Value
attributeSyntax 2.5.5.10
oMSyntax 4
VARTYPE VT_UI1 | VT_ARRAY
ADSTYPE ADSTYPE_OCTET_STRING
String(Printable) A case-sensitive string that contains characters from the printable character set.
Syntax type Value
attributeSyntax 2.5.5.5
oMSyntax 19
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_PRINTABLE_STRING
String(Sid) Octet string that contains a security identifier (SID). Use this syntax to store SID values only.
Syntax type Value
attributeSyntax 2.5.5.17
oMSyntax 4
VARTYPE VT_UI1 | VT_ARRAY
ADSTYPE ADSTYPE_OCTET_STRING
String(Teletex) A case-insensitive string that contains characters from the teletex character set.
Syntax type Value
attributeSyntax 2.5.5.4
oMSyntax 20
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_CASE_IGNORE_STRING
String(Unicode) A case-insensitive Unicode string.
Syntax type Value
attributeSyntax 2.5.5.12
oMSyntax 64
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_CASE_IGNORE_STRING
String(UTC-Time) A case-sensitive character string.
Syntax type Value
attributeSyntax 2.5.5.11
oMSyntax 27
VARTYPE VT_DATE
ADSTYPE ADSTYPE_UTC_TIME

The following table lists the syntax for the time data types. If defining a new attribute to store time values, use the String(Generalized-Time) syntax, which uses four characters to represent the year instead of only two. For more information and descriptions of the GeneralizedTime and UTCTime formats, see How To Specify Comparison Values.

Name Description
String(Generalized-Time) A time string format defined by ASN.1 standards. For more information, see ISO 8601 and X680. Use this syntax for storing time values in Generalized-Time format.
Syntax type Value
attributeSyntax 2.5.5.11
oMSyntax 24
VARTYPE VT_DATE
ADSTYPE ADSTYPE_UTC_TIME
String(UTC-Time) A time string format defined by ASN.1 standards. For more information, see ISO 8601 and X680. Use this syntax for storing time values in UTC-Time format.
Syntax type Value
attributeSyntax 2.5.5.11
oMSyntax 23
VARTYPE VT_DATE
ADSTYPE ADSTYPE_UTC_TIME

The following table lists the syntax for the object reference data types.

Name Description
Object(AccessPoint) From X400.
Syntax type Value
attributeSyntax 2.5.5.14
oMSyntax 127
oMObjectClass 0x2B0C0287731C00853E
Object(DS-DN) String that contains a DN. For attributes with this syntax, Active Directory handles attribute values as references to the object identified by the DN and automatically updates the value if the object is moved or renamed. For queries that include attributes of DN syntax in a filter, specify full distinguished names—wildcards (for example, cn=John*) are not supported.
Syntax type Value
attributeSyntax 2.5.5.1
oMSyntax 127
oMObjectClass 0x2B0C0287731C00854A
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_DN_STRING
Object(DN-Binary) An OctetString that contains a binary value and a DN. A value with this syntax has the following format:

B:CharCount:binaryvalue:ObjectDN

where CharCount is the number of hexadecimal digits in binaryvalue, binaryvalue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name. Active Directory automatically updates the DN if the object that it refers to is moved or renamed. For more information and a code example that uses this syntax, see Enabling Rename-safe Binding with the otherWellKnownObjects Property.

Syntax type Value
attributeSyntax 2.5.5.7
oMSyntax 127
oMObjectClass 0x2A864886F7140101010B
VARTYPE VT_DISPATCH (QueryInterface for IADsDNWithBinary)
ADSTYPE ADSTYPE_DN_WITH_BINARY
Object(DN-String) An octet string that contains a string value and a DN. A value with this syntax has the following format:

S:CharCount:stringvalue:ObjectDN

where CharCount is the number of characters in the stringvalue string, and ObjectDN is a distinguished name of an object in Active Directory. Active Directory updates the DN if the object that it refers to is moved or renamed.

Syntax type Value
attributeSyntax 2.5.5.14
oMSyntax 127
oMObjectClass 0x2A864886F7140101010C
VARTYPE VT_DISPATCH (QueryInterface for IADsDNWithString)
ADSTYPE ADSTYPE_DN_WITH_STRING
Object(OR-Name) From X400.
Syntax type Value
attributeSyntax 2.5.5.7
oMSyntax 127
oMObjectClass 0x56060102050B1D

:

:

:

Object(Presentation-Address) A string that contains OSI presentation addresses.
Syntax type Value
attributeSyntax 2.5.5.13
oMSyntax 127
oMObjectClass 0x2B0C0287731C00855C
VARTYPE VT_BSTR
ADSTYPE ADSTYPE_CASE_IGNORE_STRING
Object(Replica-Link) System only. Used by Active Directory.
Syntax type Value
attributeSyntax 2.5.5.10
oMSyntax 127
oMObjectClass 0x2A864886F71401010106
VARTYPE VT_VARIANT
ADSTYPE ADSTYPE_OCTET_STRING