Recipe 10.11 Indexing an Attribute

10.11.1 Problem

You want to index an attribute so that searches using that attribute are faster.

10.11.2 Solution

For Windows 2000 Active Directory you need to enable schema modifications before proceeding. See Recipe 10.2 for more information.

Using a graphical user interface

  1. Open the Active Directory Schema snap-in.

  2. In the left pane, click on the Attributes folder.

  3. In the right pane, double-click the attribute you want to index.

  4. Check the box beside Index this attribute in the Active Directory.

  5. Click OK.

Using a command-line interface

You can index an attribute by using the ldifde utility and an LDIF file that contains the following:

dn: cn=<AttrCommonName>,cn=schema,cn=configuration,<ForestRootDN>
changetype: modify
replace: searchFlags
searchFlags: 1
-

If the LDIF file were named index_attribute.ldf, you would run the following command:

> ldifde -v -i -f index_attribute.ldf

Using VBScript

' This code indexes an attribute.
' ------ SCRIPT CONFIGURATION ------
' Set to the common name (not LDAP display name) of the attribute
strAttrName = "<AttrCommonName>"   ' e.g. rallencorp-LanguagesSpoken
' ------ END CONFIGURATION ---------

' Bind to the attributeSchema object in the schema naming context
set objRootDSE = GetObject("LDAP://RootDSE")
set objAttr = GetObject("LDAP://cn=" & strAttrName & "," & _
                        objRootDSE.Get("schemaNamingContext"))
' Overwrite searchFlags with 1 (index bit only) and commit the change
objAttr.Put "searchFlags", 1
objAttr.SetInfo
WScript.Echo "Indexed attribute: " & strAttrName

The CLI and VBScript solutions assume that searchFlags wasn't previously set and blindly overwrite whatever value is already present. See Recipe 4.12 for a better solution that enables the bit you want without overwriting any previous settings.
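One way to avoid the overwrite described above is to read the current value, OR in the index bit, and write back only when something changes. This is an added example, not code from the original recipe or from Recipe 4.12; the constant and variable names are chosen here for illustration.

```vbscript
' Added example: enable the index bit (1) in searchFlags while preserving
' any bits that are already set (for example the ANR bit, 4).
Option Explicit

Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D  ' ADSI: attribute has no value
Const INDEX_BIT = 1                          ' the "1 bit" from the Discussion

Dim strAttrName, objRootDSE, objAttr, intFlags, intNewFlags

' Common name (not LDAP display name) of the attribute, as in the recipe
strAttrName = "<AttrCommonName>"

Set objRootDSE = GetObject("LDAP://RootDSE")
Set objAttr = GetObject("LDAP://cn=" & strAttrName & "," & _
                        objRootDSE.Get("schemaNamingContext"))

' Read the current value. If searchFlags is unset, ADSI raises
' "property not found"; treat that as 0 and stop on any other error.
On Error Resume Next
intFlags = objAttr.Get("searchFlags")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    intFlags = 0
    Err.Clear
ElseIf Err.Number <> 0 Then
    WScript.Echo "Could not read searchFlags: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Bitwise OR sets the index bit and leaves every other bit untouched.
intNewFlags = intFlags Or INDEX_BIT

If intNewFlags = intFlags Then
    WScript.Echo strAttrName & " is already indexed (searchFlags = " & _
                 intFlags & ")"
Else
    objAttr.Put "searchFlags", intNewFlags
    objAttr.SetInfo
    WScript.Echo "searchFlags for " & strAttrName & ": " & _
                 intFlags & " -> " & intNewFlags
End If
```

Run against an ANR attribute whose searchFlags is 4, this writes 5 rather than 1, so the ANR bit survives.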

10.11.3 Discussion

To index an attribute, you need to enable the 1 bit (0001) in the searchFlags attribute for the attributeSchema object.

searchFlags is a bit-flag attribute that sets various properties related to searching with the attribute. Table 10-5 contains the various bit flags that can be set with searchFlags. When setting searchFlags, you may often need to set a couple of bits together. For example, all Ambiguous Name Resolution (ANR) attributes must also be indexed, which means searchFlags should be set to 5 (1 + 4).

You can find the attributes that are indexed in the schema by using the following search criteria:


Alternatively, to find attributes that aren't indexed, change the previous search filter to the following:


10.11.4 See Also

Recipe 4.12 for modifying a bit-flag attribute, Recipe 10.7 for adding a new attribute, and MS KB 243311 (Setting an Attribute's searchFlags Property to Be Indexed for ANR)
