The date when the account expires. If this date is not empty then account will expire at end of this date. Therefore, account will be working in this date.
The days and hours when the account expires.
This account will never expire.
This attribute contains information about every account type object.
User's home address.
Description displayed on admin screens.
Name to be displayed on admin screens.
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). Anyone with adminCount=1 is or was a privileged user of some sort.
The user cannot change the password.
Name of the object in canonical format, e.g. me.domain.com.
City
The name that represents an object.
User's company name.
The country in which the user is located.
Specifies the country/region code for the user's language of choice.
The date when this object was created.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
You can use this attribute to store additional information.
If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.
Contains the name of the department in which the user works.
Identifies a department within an organization.
This attribute is used in a split domain topology and contains a fully qualified domain name (FQDN).
Contains the description to display for an object.
Name displayed in the address book for a particular user. This is usually the combination of the user's first name, middle initial and last name.
The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.
This attribute specifies the distinguished names of the groups to which this object belongs.
User's division
This attribute specifies the distinguished names of the groups to which this object belongs.
(Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logon.
Automatically update e-mail addresses based on e-mail address policy.
Email address.
Email alias.
A proxy address is the address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system. Proxy addresses are required for all recipient objects, such as custom recipients and distribution lists.
ID of an employee.
The number assigned to an employee other than the ID.
Job category for an employee.
You can use this attribute to store additional information. You can specify multiple values for these parameters as a comma delimited list. Each ExtensionCustomAttribute parameter can hold up to 1,300 values.
You can use this attribute to store additional information. You can specify multiple values for these parameters as a comma delimited list. Each ExtensionCustomAttribute parameter can hold up to 1,300 values.
You can use this attribute to store additional information. You can specify multiple values for these parameters as a comma delimited list. Each ExtensionCustomAttribute parameter can hold up to 1,300 values.
You can use this attribute to store additional information. You can specify multiple values for these parameters as a comma delimited list. Each ExtensionCustomAttribute parameter can hold up to 1,300 values.
You can use this attribute to store additional information. You can specify multiple values for these parameters as a comma delimited list. Each ExtensionCustomAttribute parameter can hold up to 1,300 values.
External e-mail addresses.
Fax.
This attribute controls whether a single user is enabled for federation. It is enforced by the Enterprise Services layer. It is marked for global catalog replication. The valid values are TRUE or FALSE.
Contains the given name (first name) of the user.
Contains the information that is stored in the GECOS field.
This attribute specifies the distinguished names of the groups to which this object belongs.
This attribute specifies the distinguished names of the groups to which this object belongs.
This attribute specifies the distinguished names of the groups to which this object belongs.
This attribute specifies the distinguished names of the groups to which this object belongs.
Has Thumbnail Photo.
Whether the user is a member of any group except the primary group.
Determines if the recipient appears in address lists.
The default home directory location that is mapped to the user's home directory. Useful to identify file servers quickly on the network, but be mindful of DFS (i.e. \domain\home\user vs \fileserver\home\user).
The home directory is required.
Specifies the drive letter to which to map the UNC path specified by homeDirectory. Example, "H: ".
Home MTA.
Specifies a linguistic construct used to identify a particular building, for example, a house number or house name relative to a street, avenue, town, city, and so on.
IP phone.
Contains the initials for parts of the user's full name. This may be used as the middle initial in the Windows Address Book.
This is a permit to trust account for a system domain that trusts other domains.
This attribute controls whether a single user is enabled for outside user access. It is enforced by the Enterprise Services layer. It is marked for global catalog replication. The valid values are TRUE or FALSE.
If TRUE, the object hosting this attribute must be replicated during installation of a new replica.
Is this user's primary group is Domain Guests.
Is this user's primary group is Domain Users.
This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.
Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS.
The last time and date that an attempt to log on to this account was made with a password that is not valid. This attribute is not replicated.
The Distinguished Name (DN) of the last known parent of an orphaned object.
The domain controller that authenticated this computer the last time it logged on to the network.
The last time the user logged on.
This is the time that the user last logged into the domain. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.
This attribute contains the family or last name for a user.
Legacy Exchange DN.
Contains the locality, such as the town or city, in the user's address.
The account is currently locked out. Calculated by attribute lockoutTime value and Account Lockout Policy Account lockout duration setting.
The date and time (UTC) that this account was locked out.
The number of times the account has successfully logged on.
The username (the logon name used to support clients and servers running earlier versions of the operating system.)
Logon Script.
The logon script is executed.
Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. A comma separates each NetBIOS name.
Home mailbox database.
Microsoft Exchange Home Server Name.
Managed Accounts.
Managed Accounts Count.
Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.
Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.
Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.
Mobile.
The date when this object was last changed. This value is not replicated and exists in the global catalog.
Must change password at next logon. pwdLastSet = 0.
Object name.
Indicates whether the account has permission to dial in to the RAS server.
The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
User's notes.
The number of times the user tried to log on to the account using an incorrect password. This number is taken from domain controller containing the latest bad password time.
Count of direct group membership.
An object class name used to group objects of this or derived classes.
The list of classes from which this class is derived.
Office.
This attribute specifies the options that are enabled for the user or contact object. This attribute is a bit-mask value of type integer. Each option is represented by a bit. This attribute is marked for global catalog replication.
This attribute is used in resource and central forest topologies to enable single sign-on when a user’s ObjectSID from the Windows NT Server principal account is copied into this attribute of the corresponding user or contact object in the resource or central forest. Skype for Business Server searches for a user in AD DS using this attribute or the user’s ObjectSID. This attribute is marked for global catalog replication.
P.O.Box
Pager.
Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.
Gets this entry's parent name in the Active Directory Domain Services hierarchy.
Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.
Returns the full OU name in reverse order.
(Windows Server 2008 and newer) This attribute indicates the time when the password of the object will expire.
The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
The date and time that the password for this account was last changed.
The password for this account will never expire.
No password is required.
User's main home phone number.
Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.
This attribute enables a user or contact for SIP messaging. It is added to the contact class because in the central forest topology, contact objects, not user objects, are SIP enabled. The valid value is the DN of the Standard Edition server or Enterprise Edition Front End pool where a user is homed.
This attribute contains the SIP address of a given user.
This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name.
Profile Path.
Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.
This attribute specifies the home directory for the user. Each user on a terminal server has a unique home directory. This ensures that application information is stored separately for each user in a multi-user environment.
This attribute specifies a roaming or mandatory profile path to use when the user logs on to the terminal server. The profile path is in the following network path format: \\\\servername\\profiles folder name\\username.
Recipient type.
Recipient type details.
This attribute specifies the distinguished names of the groups to which this object belongs.
A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal.
Governs whether or not Out-Of-Office notifications should be sent to originator.
Send delivery reports to group manager.
Send delivery reports to message originator.
The user must log on using a smart card.
State/Province.
The user can send an encrypted password.
The Street address.
The encryption algorithms supported by user, computer or trust accounts.
Telephone Number.
The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
(Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
This attribute specifies the distinguished names of the groups to which this object belongs.
Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
Indicates whether the store should use the default quota, rather than the per-mailbox quota.
This attribute determines whether the user is currently enabled for Skype for Business Server.
This attribute stores name-value pairs for user policies.
Web Page.
Zip/Postal Code.
Install AD FastReporter 2023 and get your Active Directory reports in just a few clicks!