A list of all the user attributes with maximum data sizes, including Microsoft Exchange Extensions.
| Description | LDAP provider property | Alias | WinNT provider property |
LDAP Max Length |
Multi- Valued ? |
LDAP Property Method |
|---|---|---|---|---|---|---|
| Account expires end of (date) | accountExpires | Date | AccountExpirationdate | |||
| Country/region (ISO 4217) | c | co, countryCode | Predefined values (3 digit int returns String) |
|||
| Name | cn | String(64) | ||||
| Company | company | String(64) | ||||
| Department | department | String(64) | ||||
| Description | description | description | String(1024) | |||
| Display name | displayName | FullName | fullName | String(256) | FullName | |
| Fax | facsimileTelephoneNumber | String(64) | FaxNumber | |||
| First name | givenName | FirstName | String(64) | FirstName | ||
| Home folder, local path | homeDirectory | homeDirectory | String | |||
| Home folder, Connect, To: | homeDirectory | homeDirectory | String | |||
| Home folder, Connect, Drive | homeDrive | homeDirDrive | Predefined values (String) |
|||
| Home | homePhone | String(64) | TelephoneHome | |||
| Notes | info | String(1024) | ||||
| Initials | initials | String(6) | ||||
| IP phone | ipPhone | String(64) | ||||
| City | l | City | String(128) | |||
| Logon Hours… | logonHours | Binary | LoginHours | |||
| EmailAddress | String(256) | EmailAddress | ||||
| Manager | manager | Distinguished Name | ||||
| Mobile | mobile | String(64) | TelephoneMobile | |||
| Other Fax numbers | otherFacsimileTelephoneNumber | String(64) | Yes | |||
| Other Home phone numbers | otherHomePhone | String(64) | Yes | |||
| Other IP phone numbers | otherIpPhone | String | Yes | |||
| Other Mobile numbers | otherMobile | String(64) | Yes | |||
| Other Pager numbers | otherPager | String(64) | Yes | |||
| Other Telephone numbers | otherTelephone | String(64) | Yes | |||
| Pager | pager | String(64) | TelephonePager | |||
| Office | physicalDeliveryOfficeName | String(128) | OfficeLocations | |||
| Zip/Postal Code | postalCode | String(40) | ||||
| P.O. Box | postOfficeBox | String(40) | ||||
| User Profile path | profilePath | profile | String | |||
| User must change password at next logon | pwdLastSet | Boolean | ||||
| pre-Windows 2000 logon name | sAMAccountName | name | String(256) | |||
| Logon script | scriptPath | loginScript | String | LoginScript | ||
| Last name | sn | LastName | String(64) | LastName | ||
| State/province | st | String(128) | ||||
| Street | streetAddress | String(1024) | ||||
| Telephone number | telephoneNumber | String(64) | ||||
| Title | title | String(128) | ||||
| Other Web pages | url | Multi-String(2048) | Yes | |||
| Account is Disabled | UserAccountControl flag (AccountDisabled/0x0002) |
Boolean | AccountDisabled | |||
| User cannot change password | UserAccountControl flag To set this: Modify the ACE |
Boolean | ||||
| Password never expires | UserAccountControl flag (DONT_EXPIRE_PASSWORD/0x10000) |
Boolean | ||||
| Store password using reversible encryption | UserAccountControl flag | Boolean | ||||
| User logon name | userPrincipalName | String(1024) | ||||
| Logon On To… (Logon Workstations) | userWorkstations | String(1024) | Yes | LoginWorkstations | ||
| Web page | wWWHomePage | String(2048) | HomePage | |||
| MS Exchange extensions | ExtensionAttribute1 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute2 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute... | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute14 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute15 | String(1024) | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute1 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute2 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute3 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute4 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute5 | Yes |
The Microsoft Exchange attributes aren't used by any Exchange components.
They can be used to store additional data in Active Directory without having to extend the Active Directory schema.
Some basic examples of LDAP queries. Each entire LDAP statement must be encompassed in a set of parentheses( ).
Syntax = (EQUAL TO - The attribute must be equal to a certain value to be true.) e.g. find all objects that have the first name of Alice (givenName=Alice) & (logical AND - More than one condition must be true.) e.g. find all of the people that have the first name of Alice and live in Venice: (&(givenName=Alice)(l=Venice)) ! (logical NOT - Exclude objects with a certain attribute.) e.g. find all objects except those eith the first name of Alice: (!givenName=Alice) * (wildcard - match anything) e.g. find all objects that have a value (any value) for title (title=*) find a given name that starts with Al (givenName=Al*) | (Logical OR - either comdition must be true) e.g. find all objects that are in Venice or in Milan: (|(l=Venice)(l=Milan))This LDAP query syntax can be combined for more complex questions
Find all objects that are in Venice or Milan, and that have the first name of Alice:
(&(givenName=Alice)(|(l=Venice)(l=Milan)))The ! operator in conjunction with the wildcard operator will look for objects where that attribute is not set to anything.
“We learn more by looking for the answer to a question and not finding it than we do from learning the answer itself” ~ Lloyd Alexander
Related PowerShell Cmdlets:
Get-adGroup - Get one or more AD groups.
Get-adUser - Get one or more AD users.
Active Directory Users and Computers - custom search.
CSVDE / LDIFDE - Create, modify or delete directory objects.