Creating a Query Filter

A query filter instructs Active Directory Domain Services to find data in an LDAP query syntax. All the specified data access technologies listed in the Choosing the Search Technology topic support LDAP query syntax.

The LDAP query syntax is as follows:

<expression><expression>...

A filter can contain one, or more, expressions. An expression has the following form:

(<logicaloperator><comparison><comparison...>)

where "<logicaloperator>" is one of the following.

Operator Description
"|"
Logical OR
"&"
Logical AND
"!"
Logical NOT

and "<comparison>" is the following:

(<attribute><operator><value>)

where "<attribute>" is the lDAPDisplayName of the attribute to evaluate, "<value>" is the value to compare against, and "<operator>" is one of the following comparison operators.

Operator Description
"="
Equals
"~="
Approximately equals
"<="
Less than or equal to
">="
Greater than or equal to

In addition, depending on the attribute syntax, the "<value>" may contain the wildcard symbol ("*"). A "<value>" that contains only a wildcard will check for the existence of any value in "<attribute>". If no value is set for "<attribute>", the test will fail.

If any of the following special characters must appear in the query filter as literals, they must be replaced by the listed escape sequence.

ASCII character Escape sequence substitute
*
"\2a"
(
"\28"
)
"\29"
\
"\5c"
NUL
"\00"

In addition, arbitrary binary data may be represented using the escape sequence syntax by encoding each byte of binary data with the backslash followed by two hexadecimal digits. For example, the four-byte value 0x00000004 is encoded as "\00\00\00\04" in a filter string.

Examples

The following query string will search for all objects of type "computer".

(objectCategory=computer)

The following query string will search for all objects of type "computer" with a name that begins with "desktop".

(&(objectCategory=computer)(name=desktop*))

The following query string will search for all objects of type "computer" with a name that begins with "desktop" or a name that begins with "notebook".

(&(objectCategory=computer)(|(name=desktop*)(name=notebook*)))

The following query string will search for all objects of type "user" that have a home phone number.

(&(objectCategory=user)(homePhone=*))

For more information about query filter strings, and usage examples, see: