Transitive filter evaluation

Reading Time: < 1 minute

Few days ago Ryann Dunny wrote on his blog about new LDAP filter matching rule introduced with SP2 and of course available in Longhorn. This new rule is LDAP_MATCHING_RULE_IN_CHAIN (with OID 1.2.840.113556.1.4.194). What it basically allows You to do is to perform a query which will match value in DN-syntax  attributes values and will do this recursively. This allows a new types of searches to be performed like query for all the groups in which user is member or query for all users belonging to specific group. For specific examples please see Ryann posts as I don't want to copy&paste his examples :).

This functionality is also available for systems with SP1 only through hotfix available with KB 914828.

So if You don't want to code or script recursive group membership evaluation functions – this is easy to use solution. As Ryann wrote with some impact on performance of such queries (bottom line is that You can do this quicker with coding).