Hi M@ Responses in-line.
Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Tuesday, 13 June 2006 8:08 a.m. To: [email protected] Subject: [ActiveDir] bitwise filters Guys, I have a few questions on bitwise filters. 1. I just wanna make sure I've understood bitwise filters correctly. Basically if I want to check if all bits are set, I should use the Bitwise AND operator. If I need to check if any number of the bits I am interested in are set, I should use the OR operator. Therefore the OR operator is best used in multiple bit checking scenarios. If I am checking for only one bit (and not multiple bits) , then I should use the AND operator. I guess it really doesn't matter. Its just the logic behind it. ***TM: Your understanding is correct. If I want a list of global and local groups, I could either do a search for groups that are not universal or I could do a seach for groups that have the bit for either global or local set couldnt I? i.e (&(objectcategory=group)(grouptype:1.2.840.113556.1.4.804:=6)) or (&(objectcategory=group)(!(grouptype:1.2.840.113556.1.4.803:=8))). Please correct me if I am wrong. ***TM: The first filter looks better to me. The second one would not find Universal security groups (because with the AND matching rule all of the bits must match). Universal security groups have a decimal value of 2147483656. 2. How do I find the bitwise filter OID for AND or OR without refering to manuals. Can I query this in the directory or is it hardcoded? ***TM: I don't believe you'll find it in the directory (i.e. it's not part of the schema). It is however a (Microsoft) registered OID. See http://www.alvestrand.no/objectid/1.2.840.113556.1.4.html 3. Joe, Could you please explain why the group type value output in adfind is minus? If I do a query with -f "(objectcategory=group)(grouptype:1.2.840.113556.1.4.803:=2147483650)" grouptype, I get -2147483646 as the output. The results are correct. I just want to understand why the output is minus. ***TM: I'm sure Joe will answer this one. Thanks M@ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. [EMAIL PROTECTED])
