
LDAP Query Idiosyncrasies

Unlike Exchange Server 5.5 import and export files, LDAP uses organizationalPerson instead of mailbox and GroupOfNames instead of dl. Remember, Microsoft didn't design LDAP; the Internet Engineering Task Force (IETF) defined LDAP in a series of Requests for Comments (RFCs). These RFCs specify many of the names and basic attributes that LDAP queries can use.

Microsoft updated the Exchange directory to associate the LDAP names with the Exchange schema to make LDAP use viable. You can determine an attribute's LDAP name by using ADSI Edit or Exchange Administrator's raw mode to access the schema in Exchange 2000. Look at the description attribute to see the LDAP name. Remember to be very cautious when you use ADSI Edit or the raw mode: a wrong move with these utilities can easily corrupt or disable your system. For more information about ADSI Edit, see Tony Redmond, "Introducing the ADSI Edit Utility" (July 2000).

Last, the Exchange and Windows 2000 directories each have a limit on how many items one LDAP query can return. You must change or override this limit if you plan to perform queries that return large result sets. You can override this limit in your script, or you can increase the default return limit by using the Ntdsutil utility for Win2K and the LDAP protocol property pages in Exchange Server 5.5.
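
One way to override the limit from a script, shown as an added example that is not from the original article: a paged search with .NET's DirectorySearcher, which retrieves the full result set in pages and leaves the server-side limit unchanged. The server name, base DN, page size, and the function name Get-LdapMailObject are placeholder assumptions.

```powershell
# Added example (not from the article). The LDAP path and page size are
# placeholder assumptions; replace them with values for your directory.
function Get-LdapMailObject {
    param(
        [string]$LdapPath = 'LDAP://dc01.example.com/DC=example,DC=com',
        [int]$PageSize = 500   # keep at or below the server's per-query limit
    )

    $root     = New-Object System.DirectoryServices.DirectoryEntry($LdapPath)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)

    # LDAP class names from the text: organizationalPerson (mailbox)
    # and groupOfNames (dl).
    $searcher.Filter      = '(|(objectClass=organizationalPerson)(objectClass=groupOfNames))'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree

    # A non-zero PageSize makes the client request results page by page,
    # so the query is not cut off at the directory's single-query limit.
    $searcher.PageSize = $PageSize

    # Ask only for the attributes the script needs.
    $searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'mail', 'objectClass'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                Name        = $r.Properties['cn']   | Select-Object -First 1
                Mail        = $r.Properties['mail'] | Select-Object -First 1
                ObjectClass = ($r.Properties['objectclass'] -join ',')
                Path        = $r.Path
            }
        }
    }
    finally {
        # FindAll() holds unmanaged resources until the collection is disposed.
        $results.Dispose()
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Count what the paged query returned, grouped by class list.
Get-LdapMailObject | Group-Object ObjectClass | Select-Object Count, Name
```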
