Appendix E. Active Directory Controls Appendix

The controls are presented in the order listed in the rootDSE entry.

  • Paged Search control—Used with the search operation. This control allows a client to retrieve a result in small pieces. The OID 1.2.840.113556.1.4.319 specifies this control. This control is described in Chapter 3.

  • Get Security Descriptor control—Used with the search operation. This control allows a client to retrieve the nTSecurityDescriptor attribute. The nTSecurityDescriptor attribute is not returned normally, even if explicitly requested. There are four flags used with this control to retrieve the different portions of the attribute. 0x01 is used to get the owner information, 0x02 is used to get the group information, 0x04 is used to get the DACL information (list of ACEs), and 0x08 is used to get the SACL information (audit settings). The OID 1.2.840.113556.1.4.801 specifies this control.

  • Sorted Search Request control—Used with the search operation. This control allows a client to retrieve results in sorted order as specified by the client. The OID 1.2.840.113556.1.4.473 specifies this control. This control is described in Chapter 3.

  • Change Notification (PSEARCH) control—Used with the search operation. This control allows a client to receive results from the server as long as the client-server session is kept alive. The operation never completes. It runs and returns results as new entries meet the search criteria. The OID 1.2.840.113556.1.4.528 specifies this control. This control is introduced in Chapter 3.

  • Show Deleted Objects control—Used with the search operation. This control allows a client to find entries that have been deleted but not yet purged from the underlying directory database. Deleted entries are not normally returned by search operations, but this control includes them. The OID 1.2.840.113556.1.4.417 specifies this control.

  • Lazy Commit control—Used with any of the operations that modify or add entries. This control allows a client to tell AD to postpone writing the results of the operations to disk, and to just store them in cache. This control allows a client to make a large number of changes without any loss of performance due to disk writes and therefore optimizes large changes. However, if the directory server crashes before the cache is written, the changes are lost. The OID 1.2.840.113556.1.4.619 specifies this control.

  • Directory Synchronization (DIRSYNC) control—Used with a search operation. This control allows a client to find all changes to a directory partition since a point in time. The client presents information indicating a replication USN. The server returns all changed entries that are after this USN and before the current replication USN of the directory partition, and that match the search filter. The OID 1.2.840.113556.1.4.841 specifies this control. This control is introduced in Chapter 3.

  • Return Extended DN control—Used with a search operation. This control allows a client to get a special DN for an entry that is guaranteed to remain accurate regardless of subsequent rename or move operations. The control returns a DN with the globally unique identifier (GUID) as a component. The GUID for an entry in AD never changes. This special DN could then be stored for an extended period of time, and still be used at a later time to reference the entry. The OID 1.2.840.113556.1.4.529 specifies this control.

  • Tree Delete control—Used with a delete operation. This control allows a client to delete a container and all children of the container. The operation is subject to access controls and will not cross directory partitions. The OID 1.2.840.113556.1.4.805 specifies this control.

  • Cross Domain Move control—Used with the modifyRDN operation. This control allows a client to move an entry from one domain partition to another. There are implications to moving any entry between domains that are used in conjunction with access control security, and you should read more about this control before using it. The OID 1.2.840.113556.1.4.521 specifies this control.

  • Statistics control—Has little to no documentation. This control is installed on the Windows 2000 AD and apparently will return statistics on directory queries. There is some documentation of the control at http://msdn.microsoft.com/library/en-us/dnactdir/html/efficientadapps.asp. Microsoft has indicated it will be fully documented for the .NET Server release. Apparently it hasn't been documented to discourage use because the initial implementation of the control isn't robust. One wonders how this feature made it past the beta screening. The OID 1.2.840.113556.1.4.970 specifies this control.

  • Verify Server Name control—Used with the search operation. This control allows a client to specify which global catalog server to use when performing the search. This can be useful when replication may not have created the entry in all partitions. The OID 1.2.840.113556.1.4.1338 specifies this control.

  • Sorted Search Response control—The response paired with the request detailed above. The OID 1.2.840.113556.1.4.474 specifies this control.

  • Search with Local Scope control, also known as Do Not Generate Referrals control—Used with the search operation. This control allows the client to disable the generation of referrals by the server. Note that this is different from the client option not to chase referrals. Telling the server not to generate the referrals can reduce the client's processing time because entries with referrals aren't returned at all to the client. The OID 1.2.840.113556.1.4.1339 specifies this control.

  • Server Search Operations control—Used with the search operation. This control allows a client to specify several options to control how the request is handled. Only two options are documented, one that does the same thing as the Search with Local Scope control, and another that enables the directory to honor search requests with a base DN outside the partition's base DN. By default, AD will give an error instead of returning a default referral for requests with a base DN outside the partition's base DN, but this flag changes that behavior. The OID 1.2.840.113556.1.4.1340 specifies this control.

  • Permissive Modify control—Used with the modify operation. This control allows a client to perform operations that are usually illegal. Usually adding an optional single-valued attribute that already exists or deleting an optional attribute that doesn't exist on an entry returns an error. This control changes that behavior so the operation returns a success message. The OID 1.2.840.113556.1.4.1413 specifies this control.

  • ASQ control—Used with the search operation. This control allows the client to perform an extended match filter (described in Chapter 3), which lets you search the directory for values in an entry's DN. This control requires that you specify a single naming attribute to perform the extended match filter against. This control will be supported in the .NET Server release. The OID 1.2.840.113556.1.4.1504 specifies this control.

  • Virtual List View Request control—Used with the search operation. This control allows the client to specify that the server return search results in a special order and number. This is particularly useful for LDAP-enabled applications like e-mail clients, which want to display a limited number of sorted entries beginning with a specific entry. This control was mentioned briefly in Chapter 3 and will be supported in the .NET Server release. The OID 2.16.840.1.113730.3.4.9 specifies this control.

  • Virtual List View Response control—The response paired with the request detailed above. The OID 2.16.840.1.113730.3.4.10 specifies this control.
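
The four flags of the Get Security Descriptor control are combined into a single value that travels with the search request. The following is an added example, not code from the book: it builds and parses that control value so an audit script can request only the owner, group, and DACL, and so a captured request can be checked for which portions it asked for. It assumes the value is a BER SEQUENCE holding one INTEGER, the layout Microsoft documents for this control; the function and class names are illustrative.

```python
from enum import IntFlag

SD_FLAGS_OID = "1.2.840.113556.1.4.801"  # OID from the list above


class SDFlags(IntFlag):
    """The four flag values named in the Get Security Descriptor entry."""
    OWNER = 0x01
    GROUP = 0x02
    DACL = 0x04
    SACL = 0x08


def encode_sd_flags(flags: SDFlags) -> bytes:
    """Build the controlValue. Assumed layout: BER SEQUENCE { INTEGER flags }."""
    number = int(flags)
    body = number.to_bytes(number.bit_length() // 8 + 1, "big")
    integer = b"\x02" + bytes([len(body)]) + body      # INTEGER, tag 0x02
    return b"\x30" + bytes([len(integer)]) + integer   # SEQUENCE, tag 0x30


def decode_sd_flags(value: bytes) -> SDFlags:
    """Parse a controlValue, rejecting malformed input and undefined bits."""
    if len(value) < 5 or value[0] != 0x30 or value[1] != len(value) - 2:
        raise ValueError("not a short-form BER SEQUENCE")
    if value[2] != 0x02 or value[3] != len(value) - 4:
        raise ValueError("SEQUENCE does not hold exactly one INTEGER")
    number = int.from_bytes(value[4:], "big", signed=True)
    if number < 0 or number & ~0x0F:
        raise ValueError(f"undefined SD flag bits: {number:#x}")
    return SDFlags(number)


def requested_parts(value: bytes) -> list[str]:
    """Name the descriptor portions a captured control value asks for."""
    flags = decode_sd_flags(value)
    return [part.name for part in SDFlags if part in flags]


if __name__ == "__main__":
    # Constructed sample: owner + group + DACL, leaving the SACL out.
    sample = encode_sd_flags(SDFlags.OWNER | SDFlags.GROUP | SDFlags.DACL)
    print(SD_FLAGS_OID, sample.hex(), requested_parts(sample))
```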
