Attributes for AD Users : objectCategory
The Active Directory attribute objectClass helps in the classification of user objects in the clas hierachy of the Active Directory schema. It can be considered as an add-on to the object class information which is stored in the attribute "objectClass".
objectCategory
| LDAP name | objectCategory |
| Data type | String |
| Multivalue (Array) | No |
| System Flags | 0x12 |
| Search Flags | 0x01 |
| In Global Catalog? | Yes |
| Attribute ID | 1.2.840.113556.1.4.782 |
| AD DB attribute name | Object-Category |
| ADSI datatype | 1 - Object(DS-DN) |
| LDAP syntax | 1.3.6.1.4.1.1466.115.121.1.12 - DN |
| Used in ... | > W2K |
| Schema Info | Microsoft - MSDN |
The attribute objectCategory is according to it's data type a distinguished
name (DN). For example, a typical content would be
CN=Group,CN=Schema,CN=Configuration,DC=cerrotorre,DC=de
The most frequent use of objectCategory is in LDAP
filters. It's a bit strange that in the filter syntax, you can use
a for an objectCategory value the pure category name (actuallay, this would
be the relative distinguished name of the category):
(objectCategory=Group)
Note: If you use the LDAP filter "(objectClass=user)" to
search the directory for user objects, you get as a result user AND computer
objects. This is because computer objects have (amongst others) the objectclass "user",
too. The filter for the "real" users should be like this: "((&objectClass=user)(objectCategory=Person))" .
You can get more information about this point in the SelfADSI tutorial
in topic "Searching
Objects".