How Can I Determine an Attribute’s Data Type and Whether It is Single- or Multi-Valued?

How Can I Determine an Attribute’s Data Type and Whether It is Single- or Multi-Valued?

  • Comments 1
  • Likes
Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I query the Active Directory schema for an attribute’s data type and whether it is single-valued or multi-valued?

-- MS

SpacerHey, Scripting Guy! AnswerScript Center

Hey, MS. You know, this turned out to be one of those questions that drive us crazy: after all, it seemed like it would be so easy to answer. As you’ve probably already figured out, however, it turned out to be a bit more complicated than we expected.

Why? Well, it’s easy enough to bind to any Active Directory attribute and find out whether it’s single-valued or multi-valued; in fact, each attribute has its own attribute (isSingleValued) that tells you that very thing. We also knew that there was an attribute - ADsType - that tells you the data type of an attribute. Case closed, right?

Well, no, unfortunately not. It turns out that you can’t get the ADsType when binding to an attribute in the schema; instead, you have to retrieve the property from an actual object (such as a user account) and then you can determine the data type. That sounded way too complicated: you bind to the attribute in the schema to get one bit of information, then have to bind to an actual object to get the second bit of information. Not very elegant, to say the least. (And we Scripting Guys pride ourselves on our elegance.)

So we started digging through the Active Directory schema, looking for something that would tell us the data type of the object. Eventually we stumbled upon an attribute we had never heard of: oMSyntax, which returns the syntax value assigned to an attribute. There are some slight differences between ADsType and oMSyntax, but for script writers they don’t really matter; the information oMSyntax returns will likely tell you everything you need to know.

At least we hope so, because that’s the route we ended up taking:

Set objAttribute = GetObject _
    ("LDAP://cn=telephone-Number,cn=schema,cn=configuration,dc=fabrikam,dc=com")

Wscript.Echo "Single-valued: " & objAttribute.isSingleValued

Select Case objAttribute.oMSyntax
    Case 1
        Wscript.Echo "Datatype: " & "Boolean"
    Case 2
        Wscript.Echo "Datatype: " & "Integer or Enumeration"
    Case 4
        Wscript.Echo "Datatype: " & "String (Octet or SID)"
    Case 6
        Wscript.Echo "Datatype: " & "String (Object-Identifier)"
    Case 10
        Wscript.Echo "Datatype: " & "Integer or Enumeration"
    Case 18
        Wscript.Echo "Datatype: " & "String (Numeric)"
    Case 20
        Wscript.Echo "Datatype: " & "Case-Ignore String (Teletex)"
    Case 27
        Wscript.Echo "Datatype: " & "Case-Sensitive String"
    Case 19
        Wscript.Echo "Datatype: " & "String (Printable or IA5)"
    Case 22
        Wscript.Echo "Datatype: " & "String (Printable or IA5)"
    Case 23
        Wscript.Echo "Datatype: " & "String (UTC-Time or Generalized-Time)"
    Case 24
        Wscript.Echo "Datatype: " & "String (UTC-Time or Generalized-Time)"
    Case 64
        Wscript.Echo "Datatype: " & "String (Unicode)"
    Case 65
        Wscript.Echo "Datatype: " & "Large Integer"
    Case 66
        Wscript.Echo "Datatype: " & "String (NT Security Descriptor)"
    Case 127
        Wscript.Echo "Datatype: " & "Object"
    Case Else
        Wscript.Echo "Datatype: " & "Undefined"
End Select

The script begins by binding to the desired attribute (in this case, telephone-Number) in Active Directory:

Set objAttribute = GetObject _
    ("LDAP://cn=telephone-Number,cn=schema,cn=configuration,dc=fabrikam,dc=com")

Notice two things here. First, we use the CN for the attribute (telephone-Number) rather than the LDAP display name (telephoneNumber). That’s important to keep in mind because the odds are you’re used to using the LDAP display name in your ADSI scripts.

Note. If you don’t know the CN for a particular attribute, take a look at the Active Directory Schema Reference on MSDN. Generally speaking, you can construct the CN just by inserting a hyphen between the individual words in the LDAP display name: thus, telephoneNumber becomes telephone-Number. That’s not guaranteed to work in all cases, however, so refer to the Schema Reference as needed.

Second, we bind to the schema itself, which is located in the Configuration container. That’s not hard, it’s just different from most of your ADSI scripts. So, again, just something to keep in mind as you play around with this.

From there we retrieve and report the value of the isSingleValued attribute:

Wscript.Echo "Single-valued: " & objAttribute.isSingleValued

Like we said: that part was simple. And, really, the next part is pretty simple, too: we just use a Select Case statement to determine the data type of the attribute (based on the value of oMSyntax). Our Select Case statement looks like this:

Select Case objAttribute.oMSyntax

Inside that Select Case block we simply look for the possible values of oMSyntax and then echo a corresponding message. For example, if oMSyntax equals 64 (which it does in this case) the following lines of code will be triggered:

Case 64
    Wscript.Echo "Datatype: " & "String (Unicode)"

Run the script for the telephone-Number attribute and we’ll get back the following information:

Single-valued: True
Datatype: String (Unicode)

OK, so maybe it wasn’t all that hard after all; just a little tricky. But you know the Scripting Guys: if something involves even the tiniest bit of effort, well ….

Note. By the way, we realize that some of the data types shown in the Select Case statement might seem a bit obtuse. Fortunately, you can find out more about the possible values of oMSyntax (and what those values mean) by taking a peek at the Syntaxes reference on MSDN.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment