Attributes for AD Users : objectCategory
The Active Directory attribute objectClass helps in the classification of user objects in the clas hierachy of the Active Directory schema. It can be considered as an add-on to the object class information which is stored in the attribute "objectClass".
|In Global Catalog?||Yes|
|AD DB attribute name||Object-Category|
|ADSI datatype||1 - Object(DS-DN)|
|LDAP syntax||18.104.22.168.4.1.1422.214.171.124.12 - DN|
|Used in ...||> W2K|
|Schema Info||Microsoft - MSDN|
The attribute objectCategory is according to it's data type a distinguished
name (DN). For example, a typical content would be
The most frequent use of objectCategory is in LDAP filters. It's a bit strange that in the filter syntax, you can use a for an objectCategory value the pure category name (actuallay, this would be the relative distinguished name of the category):
Note: If you use the LDAP filter "(objectClass=user)" to search the directory for user objects, you get as a result user AND computer objects. This is because computer objects have (amongst others) the objectclass "user", too. The filter for the "real" users should be like this: "((&objectClass=user)(objectCategory=Person))" . You can get more information about this point in the SelfADSI tutorial in topic "Searching Objects".