[ Team LiB ] |
Recipe 10.13 Modifying the Attributes Included with Ambiguous Name Resolution10.13.1 ProblemYou want to modify the attributes that are included as part of ANR. 10.13.2 Solution
10.13.2.1 Using a graphical user interface
10.13.2.2 Using a command-line interfaceYou can include an attribute as part of ANR by using the ldifde utility and an LDIF file that contains the following: dn: cn=rallencorp-LanguagesSpoken,cn=schema,cn=configuration,<ForestRootDN> changetype: modify replace: searchFlags searchFlags: 5 - If the LDIF file were named add_anr_attr.ldf, you would run the following command: > ldifde -v -i -f add_anr_attr.ldf 10.13.2.3 Using VBScript' This code will make an attribute part of the ANR set. ' ------ SCRIPT CONFIGURATION ------ ' Set to the common name (not LDAP display dame) of the attribute strAttrName = "<AttrCommonName>" ' e.g. rallencorp-LanguagesSpoken ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://RootDSE") set objAttr = GetObject("LDAP://cn=" & strAttrName & "," & _ objRootDSE.Get("schemaNamingContext")) objAttr.Put "searchFlags", 5 objAttr.SetInfo WScript.Echo "New ANR attribute: " & strAttrName
10.13.3 DiscussionANR is an efficient search algorithm that allows for a complex search filter to be written using a single comparison. For example, a search for (anr=Jim Smith) would translate into the following query:
These filters are ORed together and then processed by Active Directory. Since all default ANR attributes are also indexed, the query return should come back quickly. Here is a list of the default attributes that are included as part of ANR searches. The LDAP display name of the attribute is shown first with the common name in parenthesis.
It is important to make sure that any new ANR attributes are also indexed. ANR searches are intended to be very fast, and if a non-indexed attribute was added to the set, it could dramatically impact the performance of the searches. You can find which attributes are included in the ANR set by using the following search criteria:
Alternatively, to find attributes that aren't included in ANR, change the previous search filter to the following: (&(objectcategory=attributeSchema)(!(searchFlags:1.2.840.113556.1.4.803:=4))) 10.13.4 See AlsoRecipe 4.12 for modifying a bit-flag attribute, Recipe 10.7 for adding a new attribute, MS KB 243299 (Ambiguous Name Resolution for LDAP in Windows 2000), and MS KB 243311 (Setting an Attribute's searchFlags Property to Be Indexed for ANR) |
[ Team LiB ] |