A list of all the user attributes with maximum data sizes, including Microsoft Exchange Extensions.
| Description | LDAP provider property | Alias | WinNT provider property |
LDAP Max Length |
Multi- Valued ? |
LDAP Property Method |
|---|---|---|---|---|---|---|
| Account expires end of (date) | accountExpires | Date | AccountExpirationdate | |||
| Country/region (ISO 4217) | c | co, countryCode | Predefined values (3 digit int returns String) |
|||
| Common Name (givenName + SN) | cn | String(64) | ||||
| Company | company | String(64) | ||||
| Department | department | String(64) | ||||
| Description | description | description | String(1024) | |||
| Display name | displayName | FullName | fullName | String(256) | FullName | |
| Fax | facsimileTelephoneNumber | String(64) | FaxNumber | |||
| Given name. In western countries this is often the first name. In Eastern countries this is often the last name. |
givenName | FirstName | String(64) | FirstName | ||
| Home folder, local path | homeDirectory | homeDirectory | String | |||
| Home folder, Connect, To: | homeDirectory | homeDirectory | String | |||
| Home folder, Connect, Drive | homeDrive | homeDirDrive | Predefined values (String) |
|||
| Home | homePhone | String(64) | TelephoneHome | |||
| Notes | info | String(1024) | ||||
| Initials | initials | String(6) | ||||
| IP phone | ipPhone | String(64) | ||||
| City | l | City | String(128) | |||
| Logon Hours… | logonHours | Binary | LoginHours | |||
| EmailAddress | String(256) | EmailAddress | ||||
| Manager | manager | Distinguished Name | ||||
| Mobile | mobile | String(64) | TelephoneMobile | |||
| Other Fax numbers | otherFacsimileTelephoneNumber | String(64) | Yes | |||
| Other Home phone numbers | otherHomePhone | String(64) | Yes | |||
| Other IP phone numbers | otherIpPhone | String | Yes | |||
| Other Mobile numbers | otherMobile | String(64) | Yes | |||
| Other Pager numbers | otherPager | String(64) | Yes | |||
| Other Telephone numbers | otherTelephone | String(64) | Yes | |||
| Pager | pager | String(64) | TelephonePager | |||
| Office | physicalDeliveryOfficeName | String(128) | OfficeLocations | |||
| Zip/Postal Code | postalCode | String(40) | ||||
| P.O. Box | postOfficeBox | String(40) | ||||
| User Profile path | profilePath | profile | String | |||
| User must change password at next logon | pwdLastSet | Boolean | ||||
| pre-Windows 2000 logon name | sAMAccountName | name | String(256) | |||
| Logon script | scriptPath | loginScript | String | LoginScript | ||
| Surname. In western countries this is often the last name. In Eastern countries this is often the first name. |
sn | LastName | String(64) | LastName | ||
| State/province | st | String(128) | ||||
| Street | streetAddress | String(1024) | ||||
| Telephone number | telephoneNumber | String(64) | ||||
| Title (Job Title) | title | String(128) | ||||
| Other Web pages | url | Multi-String(2048) | Yes | |||
| Account is Disabled | UserAccountControl flag (AccountDisabled/0x0002) |
Boolean | AccountDisabled | |||
| User cannot change password | UserAccountControl flag To set this: Modify the ACE |
Boolean | ||||
| Password never expires | UserAccountControl flag (DONT_EXPIRE_PASSWORD/0x10000) |
Boolean | ||||
| Store password using reversible encryption | UserAccountControl flag | Boolean | ||||
| User logon name | userPrincipalName | String(1024) | ||||
| Logon On To… (Logon Workstations) | userWorkstations | String(1024) | Yes | LoginWorkstations | ||
| Web page | wWWHomePage | String(2048) | HomePage | |||
| MS Exchange extensions | ExtensionAttribute1 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute2 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute... | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute14 | String(1024) | ||||
| MS Exchange extensions | ExtensionAttribute15 | String(1024) | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute1 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute2 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute3 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute4 | Yes | ||||
| MS Exchange extensions 2010 | ExtensionCustomAttribute5 | Yes |
The Microsoft Exchange attributes aren’t used by any Exchange components.
They can be used to store additional data in Active Directory without having to extend the Active Directory schema.
Some basic examples of LDAP queries. Each entire LDAP statement must be encompassed in a set of parentheses( ).
Syntax = (EQUAL TO, The attribute must be equal to a certain value to be true.) e.g. find all objects that have the first name of Alice (givenName=Alice) & (logical AND, More than one condition must be true.) e.g. find all of the people that have the first name of Alice and live in Venice: (&(givenName=Alice)(l=Venice)) ! (logical NOT, Exclude objects with a certain attribute.) e.g. find all objects except those with the first name of Alice: (!givenName=Alice) * (Wildcard, match anything) e.g. find all objects that have a value (any value) for title (title=*) find a given name that starts with Al (givenName=Al*) | (Logical OR, either condition must be true) e.g. find all objects that are in Venice or in Milan: (|(l=Venice)(l=Milan))This LDAP query syntax can be combined for more complex questions
Find all objects that are in Venice or Milan, and that have the first name of Alice:
(&(givenName=Alice)(|(l=Venice)(l=Milan)))The ! operator in conjunction with the wildcard operator will look for objects where that attribute is not set to anything.
“We learn more by looking for the answer to a question and not finding it than we do from learning the answer itself” ~ Lloyd Alexander
Get-adGroup - Get one or more AD groups.
Get-adUser - Get one or more AD users.
ComputerInfo / UserInfo - Active Directory Users and Computers - custom search.
CSVDE / LDIFDE - Create, modify or delete directory objects.
Microsoft: Full list of Active Directory attributes.