The schema itself has a whole lot of interesting nuances. Within the schema we define multiple different types of attributes. One of the most useful attribute types we have might just be the constructed attribute.
Constructed attributes are interesting in that they aren’t a single value in the database which is read and returned. When you read a constructed attribute, rather than retrieving a value from the database, we perform a calculation of some sort and return the result of that calculation. The idea of constructed attributes is to provide the LDAP client reading them with some information that would otherwise be very difficult to obtain. Let’s look at an example.
Often times people would like to look at metadata on an object that is used during replication. Perhaps you are writing tools to monitor replication (hey, it could happen J) and see this information as of use to you. For this purpose we created two attributes: msDS-ReplAttributeMetaData and msDS-ReplValueMetaData. First, let’s look at the schema definition for one of these attributes (partial definition):
1> attributeID: 1.2.840.113518.104.22.1688;
1> attributeSyntax: 22.214.171.124;
1> isSingleValued: FALSE;
1> oMSyntax: 64;
1> lDAPDisplayName: msDS-ReplValueMetaData;
1> systemFlags: 0x14 = ( FLAG_ATTR_IS_CONSTRUCTED | FLAG_SCHEMA_BASE_OBJECT );
Note the element I placed in red (one of the flags set, LDP parsed this out for me). This flag tells us that the attribute is constructed.
If I visit an object in my directory and request this attribute be returned, I get something like:
>> Dn: CN=Builtin,DC=domain,DC=local
26> msDS-ReplAttributeMetaData: <DS_REPL_ATTR_META_DATA>
(I trimmed this output some for the sake of the length of this post)
Note that this particular attribute is returned in XML format. Some constructed attributes are returned as XML, some in other formats. But all are returned in a way so as to facilitate you parsing them if required, and just read them normally if they are a simple data type of some sort (int, etc.)
Of course, like other attributes in the directory, we define these elements on MSDN: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_msds_replattributemetadata.asp
So with all of that said, what are the caveats? Not many, but there are a few:
PingBack from http://bsonposh.com/archives/530
PingBack from http://www.keyongtech.com/4437089-getting-active-directory-attribute-meta