objectCategory vs. objectClass

Both the objectCategory and objectClass attributes can refer to a given schema class of a directory object. However, there is an important distinction in semantics between the two. "objectClass=joy" refers to such directory objects in which "joy" represents any class in the object class hierarchy. "objectCategory=joy", on the other hand, refers to those directory objects in which "joy" identifies a specific class in the object class hierarchy.

objectClass can take multiple values whereas objectCategory takes a single value. Because of this, objectCategory is better suited for type matching of objects in a directory search. ADSI uses this as the default matching criterion. Searches using one objectClass are not scalable to large databases. ADSI supports "(objectCategory=SomeDN)" and "(objectCategory=Ldap_Display_Name_of_Class)" syntaxes.

The exception to all of this is that the LDAP search filter "(objectClass=*)" does not specify a search on object class, but merely tests for the presence of the objects.