Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 243299 - Last Review: March 2, 2007 - Revision: 4.3
Ambiguous Name Resolution for LDAP in Windows 2000
This article was previously published under Q243299
Ambiguous Name Resolution (ANR) is an efficient search algorithm associated with Lightweight Directory Access Protocol (LDAP) clients that allows for objects to be bound without complex search filters. ANR is useful when you are locating objects and attributes that may or may not be known by the client. A common use for ANR, for example, is in a situation in which a building name is known by the requesting client, but not the associated number. In this case, the physicalDeliveryOfficeName attribute may have a value of "Building 40" and a client might search for "Building." ANR returns a match in this instance. It also returns other matches containing the word "Building."
LDAP clients can use ANR to make searching and querying easier. Rather than presenting complex filters, a search can be presented for partial matches. If a space is embedded in the search string, as in the case above, the search is divided at the space and an "or" search is also performed on the attributes. If there is more than one space, the search divides only at the first space.
By default, the following attributes are set for ANR:
- GivenName
- Surname
- displayName
- LegacyExchangeDN
- msExchMailNickname
- RDN
- physicalDeliveryOfficeName
- proxyAddress
- sAMAccountName
Sample ANR Search Using the Address Book
Assume that there are three users named John Doe, John Does, and John Buck, and a search for "John Doe" is performed. The following actions result:
- The client presents an "anr=John Doe" request to Active Directory (Address Book generates an ANR search). ANR must be enabled on the LDAP server. Active Directory supports ANR by default. ANR is a filter rewrite on the server.
- Active Directory notices the "anr" and the embedded space.
- Active Directory checks the schema to determine which objects have ANR and SEARCH index bits set.
- Active Directory performs an "or" search for "John Doe*" against the default attributes listed above.
- Active Directory then searches for: Given-Name=John* AND Surname=Doe*
- Active Directory then searches for: Given-Name=Doe* AND Surname=John*
The search results are returned to the client with matches for John Doe:
- Compared to: John Doe
Search Results: Match
Results Explanation: "John Doe*" matches displayName from step 4 - Compared to: John Does
Search Results: Match
Results Explanation: "John*" AND "Doe*" matches Given-Name=John* AND Surname=Smith* from step 5 - Compared to: John Buck
Search Results: No match
Results Explanation: "John Doe*" does not match the displayName
"John*" AND "Doe*" does not match the Given-Name and Surname of John Buck
"John*" AND "Doe*" does not match the Surname and Given-Name of John Buck
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 98 Second Edition
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate