Share via

SortKey Control (LDAP_SERVER_SORT_OID) and constructed attribute "msDS-ReplValueMetaData"

Volker Kußmann 0 Reputation points
2023-06-12T10:37:40.9633333+00:00

Can the SortKey control ( [MS-ADTS].pdf -> 3.1.1.3.4.1.13 LDAP_SERVER_SORT_OID ) be applied to constructed attributes, such as 'msDS-ReplValueMetaData' as well? I want to search the metadata for linked attributes. For groups with several 10.000 members, this is time-consuming. For the 'member' attribute, either 'pszObjectDn' could be returned in ascending order for a b-tree search or 'usnLocalChange' in descending order for the latest changes in Page 'range=0-999'.

A dirSync search returns only changed members. I would like to read out the metadata for changed linked values as soon as possible.

/Volker

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,975 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gary Reynolds 9,621 Reputation points
    2023-06-12T11:11:14.1566667+00:00

    Hi Volker,

    I've tested it on a Windows 2019 DC, and it doesn't support the sort control with a constructed attribute. If you do include the control specifying the msDS-ReplValueMetaData attribute you get the following error:

    Error: (0x0C) The control is critical and the server does not support the control, Server Error: 0000217A: SvcErr: DSID-03140452, problem 5010 (UNAVAIL_EXTENSION), data 0, Ext Error: (8570) The sort order requested is not supported.

    I think the return order is based on the last changed returned first.

    Gary.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.