Choosing a Syntax
There are 23 syntaxes defined in Active Directory Domain Services. This topic contains a list of recommended syntaxes to use when defining a new attribute.For more information, see Syntaxes for Attributes in Active Directory Domain Services.
The following table provides a list of recommendations.
| Data to store in attribute | Syntax to use | Comment |
|---|---|---|
| Binary data | String(Octet) | Use to store binary data. This is an array of bytes. |
| Binary data with a DN reference | Object(DN-Binary) | Contains a binary value and a distinguished name (DN). The Active Directory server keeps the DN up-to-date. |
| Boolean | Boolean | Use for boolean values. |
| DN Reference | Object(DS-DN) | Use to store distinguished names that you want kept up-to-date by the Active Directory server. When an attribute of DN syntax is created with a valid DN, the server treats the attribute as a reference to the object represented by the DN that was set. If the referenced object is renamed or moved, the server ensures that the attribute reflects the change. If the attribute is reset with a new DN, the attribute is reference to the object represented by the new DN. |
| Integer | Integer | Use for integers. |
| Large Integer (64-bit values) | LargeInteger | Use for 64-bit values. |
| Linked DN | Object(DS-DN) | This string syntax can be used for linked DNs. Back links must be of syntax DN. Forward links can be of syntax DN as well as Object(DN-String), Object(DN-Binary), Object(Access-Point), or Object(OR-Name). Linked attributes must have a linkID defined. See the description of linkID in Attribute-Schema properties. |
| Security Descriptor | String(NT-Sec-Desc) | Octet string containing a security descriptor. |
| Security Identifier (SID) | String(Sid) | Octet string containing a security identifier (SID). Use this syntax to store SID values only. |
| String | String(Unicode) | Use for most string attributes. It supports the Unicode character set. When the Active Directory server performs comparisons against attributes of this syntax (such as evaluating a query), it performs case-insensitive comparisons. Use the other string syntaxes (String(IA5), String(Numeric), and so on) to store strings that should contain only the specific character sets supported by the syntax. |
| String data with a DN reference | Object(DN-String) | String containing a string value and a distinguished name (DN). The Active Directory server keeps the DN up-to-date. |
| Time | String(Generalized-Time) | Use the String(Generalized-Time) syntax to store time values rather than the String(UTC-Time) syntax because String(Generalized-Time) uses four characters for the year and String(UTC-Time) uses only two. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for