Tuesday, January 27, 2009

Active Directory properties (LDAP user attributes)

As I promised in my previous post: how to retrieve logged on user's email from AD.
Below is a list of all the Active Directory properties (LDAP user attributes).

-CN
Common Name. CN = Guy Thomas. Actually, this LDAP attribute is made up from givenName joined to SN.

-description
What you see in Active Directory Users and Computers. Not to be confused with displayName on the Users property sheet.

-displayName
displayName = Guy Thomas

-DN
Also distinguishedName. DN is simply the most important LDAP attribute.

-givenName
First name, also called Christian name.

-homeDrive
Home Folder

-name
name = Guy Thomas. Same as CN.

-objectCategory
Defines the Active Directory Schema category. For example, objectClass = Person

-objectClass
objectClass = User. Also used for Computer, organizationalUnit, even container. Important top level container.

-physicalDeliveryOfficeName
Office! on the user's General property sheet

-profilePath
Roaming profile path: connect

-sAMAccountName
sAMAccountName = guyt. Old NT 4.0 logon name, must be unique in the domain. Can be confused with CN.

-SN
SN = Thomas. This would be referred to as last name or surname.

-userAccountControl
Used to disable an account. A value of 514 disables the account, while 512 makes the account ready for logon.

-userPrincipalName
userPrincipalName = guyt@CP.com. Often abbreviated to UPN, and looks like an email address.

-c
Country or Region

-company
Company or organization name

-department
Useful category to fill in and use for filtering

-homephone
Home phone number (lots more phone LDAP attributes).

-l
(Lower case L) L = Location. City ( Maybe Office


-location
Important, particularly for printers.

-manager
Boss, manager

-mobile
Mobile Phone number

-ObjectClass
Usually, User, or Computer

-OU
Organizational unit

-postalCode
Zip or postal code

-st
State, Province or County

-streetAddress
First line of address

-telephoneNumber
Office Phone


Exchange Specific LDAP attributes
-mail
An easy, but important attribute. A simple SMTP address is all that is required.

-mailNickname
Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail enabled contacts.

-mDBUseDefaults
Another straightforward field, just set the value to: True

-msExchHomeServerName
Exchange needs to know which server to deliver the mail.

-proxyAddresses
As the name 'proxy' suggests, it is possible for one recipient to have more than one email address. Note the plural spelling of proxyAddresses.

-targetAddress
SMTP:@ email address. Note that SMTP is case sensitive. All capitals means the default address.
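
The 512 and 514 values in the userAccountControl entry above are sums of bit flags, so an account review should test the disable bit rather than compare against 514. The following is an added example, not part of the original post: the flag table is a subset of Microsoft's documented userAccountControl values, and the sample accounts other than guyt are constructed.

```python
# Added example: decode userAccountControl as bit flags instead of magic numbers.
# Subset of Microsoft's documented flag values.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}

# Flags worth a second look when reviewing accounts (reviewer's choice, an assumption).
REVIEW = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED",
          "DONT_EXPIRE_PASSWORD", "TRUSTED_FOR_DELEGATION", "DONT_REQ_PREAUTH"}

def decode_uac(value):
    """Return (known flag names in bit order, leftover bits not in UAC_FLAGS)."""
    value = int(value)  # LDAP returns the attribute as a decimal string
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)  # keys are distinct bits, so sum == OR
    return names, unknown

def is_disabled(value):
    # Same test as the LDAP filter (userAccountControl:1.2.840.113556.1.4.803:=2)
    return bool(int(value) & 0x0002)

def review(entries):
    """entries: iterable of (sAMAccountName, userAccountControl) pairs."""
    report = []
    for name, uac in entries:
        flags, _ = decode_uac(uac)
        state = "disabled" if is_disabled(uac) else "enabled"
        report.append((name, state, sorted(REVIEW.intersection(flags))))
    return report

# Constructed sample data: 66050 is a disabled account that "== 514" would miss.
SAMPLE = [("guyt", "512"), ("olduser", "514"), ("svc_backup", "66048"),
          ("leaver", "66050"), ("legacyapp", "4194816")]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```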

3 comments:

jeet said...

Hi Brad,
thanks for your post,
I need a dynamic list of LDAP attributes in one of my C# apps.
I heard something of an LDAP browser that displays the LDAP attributes (AD fields).. but I don't know how???
Please rescue...

thanks in advance,
jeet

Caio said...

Thank you very much for this complete list of attributes, printing them one per one isn't so useful when you have to complete every field in order to display it....bye

Anonymous said...

Great list! I know this is an old post, but there's a visual representation of User LDAP Attributes at:

http://www.jigsolving.com/activedirectory/user-account-attributes-part-1

There are a few posts there, each one breaks down a common tab within Active Directory for Users and Computers interface or the Outlook Address book (General tab, etc.)