Microsoft KB Archive/260045

{|
 * width="100%"|

PRB: ADSI LDAP Filters Ignore Queries That Contain > or < Operator

 * }

Q260045

-

The information in this article applies to:


 * Microsoft Active Directory Service Interfaces, versions 2.0, 2.5
 * Microsoft Active Directory Services Interface, System Component, included with:
 * the operating system: Microsoft Windows 2000

-

SYMPTOMS
Active Directory Services Interfaces (ADSI) queries that use the > (greater than) or < (less than) operators may result in empty result sets, even though values in the directory satisfy the filter.

CAUSE
ADSI follows the Request for Comments (RFC) 2254 specification for forming Lightweight Data Access Protocol (LDAP) version 3 search filters. RFC 2254 states that &quot;greater than&quot; should be expressed as >= and &quot;less than&quot; should be expressed as <=. For this reason, ADSI treats queries that use the > or < operator as malformed, and does not pass these queries to the directory server.

RESOLUTION
To work around this problem, rework the query to use >= or <=, and then exclude all occurrences of equality. For example, you could rework the following filter

(MyAttribute>MyValue) in this way:

(&(MyAttribute>=MyValue)(!(MyAttribute=MyValue)))

STATUS
This behavior is by design.

MORE INFORMATION
You can specify queries with ADSI through the OLE DB provider and IDirectorySearch interface. You can express these queries by using an LDAP syntax or an SQL syntax. When you use the LDAP syntax, you must adhere to the RFC syntax described above. When you use the SQL syntax, the ADSI parser performs the conversion (to the RFC syntax) automatically.