LDAP reads are specified in [RFC2251] section 4.5. Generally and imprecisely, reads are searches starting at some object in Active Directory and restricted by the requester to either the object, the object's children, or the tree of objects rooted by object. After applying that restriction, the search is then restricted to the objects and the values for attributes on those objects to which the requester has access. The search is finally restricted to the objects that match the search filter. The requested attributes and their values for those matching objects are then returned to the requester. The RFC specifies the details for LDAP reads. This section covers access checks for LDAP reads, extended access checks for reading the specified attributes, the attributes used to construct the specified constructed attributes, and the effect of defunct attributes and classes on reads.