3.1.6.4.6.2 Read Begin

  1. If iAttributeList was not provided as an argument, then an iAttributeList MUST be constructed that MUST contain the names of all User ADM element attributes listed in section 3.1.6.20.6.

  2. The value of iAttributeList MUST be copied to ReadIterator.AttributeList.

  3. A Create LDAP Attribute List (section 3.1.6.10) event MUST be generated with the following arguments:

    • iDirectoryObjectType := "User"

    • iADMAttributeList := iAttributeList

  4. Let UserAttributeList be a list of user attribute names, initialized to be the LDAP attribute names returned in rLDAPAttributeList by the Create LDAP Attribute List event. If any ADM attribute present in iAttributeList does not appear in the rLDAPAttributeList returned by the Create LDAP Attribute List event, the entry in iAttributeSortOrder corresponding to that iAttributeList entry, if any, MUST be removed.

  5. Let UserFilterList be a list of attribute-filter expressions modified to refer to user attributes and values, initialized to be empty. For each expression in iFilter, add an expression to UserFilterList that consists of:

    • The user attribute that corresponds to the User ADM element attribute in the original expression, as shown in the following table.

    • The same operator as the original expression.

    • A value transformed from the value in the original expression as shown in the following table.

      If the User ADM element attribute in the original expression does not appear in the following table, the expression MUST be ignored.

      User ADM element attribute | User attribute                                 | Value transformation
      ---------------------------+------------------------------------------------+---------------------
      Identifier                 | objectGUID ([MS-ADA3] section 2.44)            | Copy
      SecurityIdentifier         | objectSid ([MS-ADA3] section 2.45)             | Copy
      CertificateDigestList      | mSMQDigests ([MS-ADA2] section 2.538)          | Copy
      Certificates               | mSMQSignCertificates ([MS-ADA2] section 2.571) | Copy
      FullPath                   | distinguishedName ([MS-ADA1] section 2.177)    | Copy

  6. A Search Using LDAP (section 3.1.6.15) event MUST be generated with the following arguments:

    • iObjectClass := user

    • iFilter := UserFilterList

    • iAttributes := UserAttributeList

  7. If the Search Using LDAP event returns an rStatus of DirectoryOperationResult.ObjectNotFound, ReadIterator.LDAPState MUST be set to an empty list, rStatus MUST be set to DirectoryOperationResult.Success, and processing MUST end. An empty result set is therefore not an error for Read Begin; the caller observes Success with nothing to iterate.

  8. If the Search Using LDAP event fails for any other reason, rStatus MUST be set to the rStatus returned by the Search Using LDAP event, and processing MUST end.
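The following Python is an added illustration of steps 4 through 8 above; it is not code from the specification or from any MSMQ implementation. It assumes the step 5 table also stands in for the Create LDAP Attribute List event (section 3.1.6.10, whose full mapping is not on this page), models the Search Using LDAP event (section 3.1.6.15) as a lookup over a constructed in-memory directory, and renders the filter list as an RFC 4515 search filter with the escaping a real LDAP client must apply so that attacker-controlled values such as a FullPath cannot alter the filter structure. The names FilterExpression, ReadIterator, GenericError, read_begin and the sample entries are assumptions made for the example.

```python
"""Added example: User ADM element 'Read Begin' filter translation and result handling."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, List, Optional, Tuple


class DirectoryOperationResult(Enum):
    Success = "Success"
    ObjectNotFound = "ObjectNotFound"
    GenericError = "GenericError"   # assumed stand-in for "any other reason" in step 8


# Step 5 table: User ADM element attribute -> LDAP user attribute.
# Every row's value transformation is "Copy", so values pass through unchanged.
ADM_TO_LDAP = {
    "Identifier": "objectGUID",
    "SecurityIdentifier": "objectSid",
    "CertificateDigestList": "mSMQDigests",
    "Certificates": "mSMQSignCertificates",
    "FullPath": "distinguishedName",
}


@dataclass(frozen=True)
class FilterExpression:          # assumed shape of one iFilter entry
    attribute: str
    operator: str                # only "=" is exercised by the fake search below
    value: Any


@dataclass
class ReadIterator:              # assumed shape of the ReadIterator ADM element
    attribute_list: List[str] = field(default_factory=list)
    ldap_state: Optional[List[dict]] = None


def map_attribute_list(i_attribute_list, i_attribute_sort_order):
    """Steps 3-4. ASSUMPTION: ADM_TO_LDAP stands in for the Create LDAP Attribute
    List event; sort-order entries are (ADM attribute name, ascending) pairs."""
    user_attribute_list = [ADM_TO_LDAP[a] for a in i_attribute_list if a in ADM_TO_LDAP]
    unmapped = {a for a in i_attribute_list if a not in ADM_TO_LDAP}
    sort_order = [(a, asc) for (a, asc) in i_attribute_sort_order if a not in unmapped]
    return user_attribute_list, sort_order


def build_user_filter_list(i_filter):
    """Step 5: rewrite each expression to the LDAP attribute; unmapped ones are ignored."""
    user_filter = []
    for expr in i_filter:
        ldap_attr = ADM_TO_LDAP.get(expr.attribute)
        if ldap_attr is None:
            continue
        user_filter.append(FilterExpression(ldap_attr, expr.operator, expr.value))  # Copy
    return user_filter


def escape_filter_value(value):
    """RFC 4515 escaping: binary values (objectGUID, objectSid) become \\XX per byte;
    strings escape '*', '(', ')', '\\' and NUL so a value cannot inject filter syntax."""
    if isinstance(value, (bytes, bytearray)):
        return "".join(f"\\{b:02x}" for b in value)
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in str(value))


def render_ldap_filter(object_class, user_filter):
    """Step 6 wire form: (&(objectClass=user)(attr=value)...)."""
    parts = [f"(objectClass={object_class})"]
    parts += [f"({e.attribute}{e.operator}{escape_filter_value(e.value)})" for e in user_filter]
    return "(&" + "".join(parts) + ")"


ALICE_GUID = bytes.fromhex("0123456789abcdef0123456789abcdef")   # constructed sample
FAKE_DIRECTORY = [{                                                 # constructed sample entry
    "objectClass": "user",
    "distinguishedName": "CN=alice,CN=Users,DC=example,DC=com",
    "objectGUID": ALICE_GUID,
    "mSMQSignCertificates": b"\x30\x82\x00\x00",
}]


def search_using_ldap(object_class, user_filter, attributes, directory):
    """Stand-in for the Search Using LDAP event. directory=None simulates a failure."""
    if directory is None:
        return DirectoryOperationResult.GenericError, []
    hits = [
        {a: e[a] for a in attributes if a in e}
        for e in directory
        if e.get("objectClass") == object_class
        and all(f.operator == "=" and e.get(f.attribute) == f.value for f in user_filter)
    ]
    return (DirectoryOperationResult.Success, hits) if hits else (DirectoryOperationResult.ObjectNotFound, [])


def read_begin(i_filter, i_attribute_list, i_attribute_sort_order=(),
               directory=FAKE_DIRECTORY) -> Tuple[DirectoryOperationResult, ReadIterator]:
    iterator = ReadIterator(attribute_list=list(i_attribute_list))          # step 2
    user_attribute_list, _sort_order = map_attribute_list(i_attribute_list, i_attribute_sort_order)
    user_filter = build_user_filter_list(i_filter)                          # step 5
    status, hits = search_using_ldap("user", user_filter, user_attribute_list, directory)  # step 6
    if status is DirectoryOperationResult.ObjectNotFound:                   # step 7
        iterator.ldap_state = []
        return DirectoryOperationResult.Success, iterator
    if status is not DirectoryOperationResult.Success:                      # step 8
        return status, iterator
    iterator.ldap_state = hits   # assumption: later steps (not on this page) consume the hits
    return DirectoryOperationResult.Success, iterator


if __name__ == "__main__":
    flt = [FilterExpression("Identifier", "=", ALICE_GUID), FilterExpression("NotMapped", "=", 1)]
    print(render_ldap_filter("user", build_user_filter_list(flt)))
    print(read_begin(flt, ["FullPath", "Certificates"]))
```

Note the difference between the two non-success paths: an empty result set is folded into Success with an empty LDAPState, while any other directory failure is propagated unchanged to the caller.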