4.3 Attribute Syntax
The syntax of an attribute represents the kind of data it can hold;
people with a programming background are probably more familiar with
the term "data type." Unlike attributes and classes, the supported
syntaxes are not represented as objects in Active Directory. Instead,
Microsoft has coded these syntaxes internally into Active Directory
itself. Consequently, any new attributes you create in the schema
must use one of the predefined syntaxes.
Whenever you create a new attribute, you must specify its syntax. To
uniquely identify the syntax among the total set of 21 syntaxes, you
must specify 2 pieces of information: the OID of the syntax and a
so-called OM syntax. This pair of values must be set together and
must match a row of Table 4-3. It may seem strange that more than one
syntax has the same OID; because of this, the OID alone is not enough,
and you need the second identifier to distinguish between syntaxes
uniquely. This is the result of Microsoft requiring some syntaxes
that X.500 did not provide. Table 4-3 shows the 21 expanded syntaxes,
with the name of each syntax followed by any alternate name in
parentheses.
Table 4-3. Syntax definitions
| Syntax | OID | OM syntax | Description |
|---|---|---|---|
| Undefined | 2.5.5.0 | N/A | Not a valid syntax |
| Distinguished Name | 2.5.5.1 | 127 | The Fully Qualified Domain Name (FQDN) of an object in Active Directory |
| Object ID | 2.5.5.2 | 6 | OID |
| Case-sensitive string | 2.5.5.3 | 20 | A string that differentiates between uppercase and lowercase |
| Case-insensitive string | 2.5.5.4 | 20 | A string that does not differentiate between uppercase and lowercase |
| Print case string (Printable-String) | 2.5.5.5 | 19 | A normal printable string |
| Print case string (IA5-String) | 2.5.5.5 | 22 | A normal printable string |
| Numeric string | 2.5.5.6 | 18 | A string of digits |
| OR name | 2.5.5.7 | 127 | An X.400 email address |
| Boolean | 2.5.5.8 | 1 | True or false |
| Integer (integer) | 2.5.5.9 | 2 | A 32-bit number |
| Integer (enumeration) | 2.5.5.9 | 10 | A 32-bit number |
| Octet string (Octet-String) | 2.5.5.10 | 4 | A byte string |
| Octet string (object) | 2.5.5.10 | 127 | A byte string |
| Time | 2.5.5.11 | 23 | The number of seconds elapsed since 1 January 1970 |
| Unicode | 2.5.5.12 | 64 | A wide string |
| Address | 2.5.5.13 | 127 | Used internally by the system |
| Distname-Address | 2.5.5.14 | 127 | Used internally by the system |
| NT Security Descriptor | 2.5.5.15 | 66 | A Security Descriptor (SD) |
| Large integer | 2.5.5.16 | 65 | A 64-bit number |
| SID | 2.5.5.17 | 4 | A Security Identifier (SID) |
Most of these are standard programming types. If
you're not sure which syntax to use, take a look at
a preexisting attribute and see if you can find an appropriate syntax
for the attribute you wish to create. For example, the
userPrincipalName attribute has an attributeSyntax of 2.5.5.12 and an
oMSyntax of 64, so it must contain Unicode strings.
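
Because the OID and OM syntax must be set together and match a row of Table 4-3, a schema extension file can be checked before it is imported. The following is an added example, not code from the book or from Microsoft: it reads LDIF records and validates each attributeSyntax/oMSyntax pair against the table. The function names and the sample DNs are assumptions made for illustration.

```python
SYNTAXES = {  # (attributeSyntax OID, oMSyntax) -> syntax name, from Table 4-3
    ("2.5.5.1", 127): "Distinguished Name", ("2.5.5.2", 6): "Object ID",
    ("2.5.5.3", 20): "Case-sensitive string", ("2.5.5.4", 20): "Case-insensitive string",
    ("2.5.5.5", 19): "Printable-String", ("2.5.5.5", 22): "IA5-String",
    ("2.5.5.6", 18): "Numeric string", ("2.5.5.7", 127): "OR name",
    ("2.5.5.8", 1): "Boolean", ("2.5.5.9", 2): "Integer (integer)",
    ("2.5.5.9", 10): "Integer (enumeration)", ("2.5.5.10", 4): "Octet-String",
    ("2.5.5.10", 127): "Octet string (object)", ("2.5.5.11", 23): "Time",
    ("2.5.5.12", 64): "Unicode", ("2.5.5.13", 127): "Address",
    ("2.5.5.14", 127): "Distname-Address", ("2.5.5.15", 66): "NT Security Descriptor",
    ("2.5.5.16", 65): "Large integer", ("2.5.5.17", 4): "SID",
}

def parse_ldif(text):
    """Split simple LDIF into records: one dict of lower-cased attribute -> value each."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines() if ":" in line)
        records.append({k.strip().lower(): v.strip() for k, _, v in pairs})
    return records

def check_record(rec):
    """Return (ok, detail): the syntax name if the pair is in Table 4-3, else the reason."""
    oid, om = rec.get("attributesyntax"), rec.get("omsyntax")
    if oid is None or om is None or not om.isdecimal():
        return False, "attributeSyntax and a numeric oMSyntax must both be set"
    name = SYNTAXES.get((oid, int(om)))
    if name:
        return True, name
    valid = sorted(o for s, o in SYNTAXES if s == oid)
    if valid:  # the OID exists in the table, but not with this OM syntax
        return False, f"oMSyntax {om} does not pair with {oid}; valid: {valid}"
    return False, f"{oid} is not a usable syntax OID"  # covers 2.5.5.0 (Undefined)

# Constructed sample input: two hypothetical attributeSchema records.
SAMPLE_LDIF = """\
dn: CN=example-BadgeNumber,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
attributeSyntax: 2.5.5.12
oMSyntax: 64

dn: CN=example-CostCentre,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
attributeSyntax: 2.5.5.12
oMSyntax: 20
"""
if __name__ == "__main__":
    for rec in parse_ldif(SAMPLE_LDIF):
        print(rec["dn"], check_record(rec))
```

The first record resolves to Unicode, the same pair userPrincipalName uses; the second is rejected because 20 is not an OM syntax listed for 2.5.5.12.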