User
This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.
Table Specific Information
Select
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the cmdlet. For example, the following query is processed by Microsoft Active Directory:
SELECT * FROM User WHERE Title LIKE '%abc%' AND AdminCount != '1' LIMIT 5
Insert
To add a User, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO [User] (RDN, ObjectClass) VALUES ('CN=TestUser', 'Top; Person; OrganizationalPerson; User')
Update
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE User SET PostalCode = '94042' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Delete
Users can be deleted by providing the Id of the User in a DELETE statement. For example:
DELETE FROM User WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Columns
Name | Type | ReadOnly | References | DataFormat | Description |
Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
DN | String | True |
The full distinguished name. | ||
RDN | String | False |
The relative distinguished name. | ||
BaseDN | String | True |
The base distinguished name. | ||
InstanceType | String | False | DelimitedData |
A bitfield that dictates how the object is instantiated on a particular server. The value of this attribute can differ on different replicas even if the replicas are in sync. | |
NTSecurityDescriptor | String | False | DelimitedData |
The Windows NT security descriptor for the schema object. A security descriptor is a data structure that contains security information about an object, such as the ownership and permissions of the object. | |
ObjectCategory | String | False | DelimitedData |
An object class name used to group objects of this or derived classes. | |
ObjectClass | String | False | DelimitedData |
The list of classes from which this class is derived. | |
SAMAccountName | String | False | DelimitedData |
The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. | |
AccountExpires | Datetime | False | DelimitedData |
The date when the account expires. This value represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires. | |
AccountNameHistory | String | False | DelimitedData |
The length of time that the account has been active. | |
ACSPolicyName | String | False | DelimitedData |
String name of an ACS policy that applies to this user. | |
StreetAddress | String | False | DelimitedData |
The user's address. | |
HomePostalAddress | String | False | DelimitedData |
A user's home address. | |
AdminCount | String | False | DelimitedData |
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). | |
AdminDescription | String | False | DelimitedData |
The description displayed on admin screens. | |
AdminDisplayName | String | False | DelimitedData |
The name to be displayed on admin screens. | |
AllowedAttributes | String | False | DelimitedData |
Attributes that will be permitted to be assigned to a class. | |
AllowedAttributesEffective | String | False | DelimitedData |
A list of attributes that can be modified on the object. | |
AllowedChildClasses | String | False | DelimitedData |
Classes that can be contained by a class. | |
AllowedChildClassesEffective | String | False | DelimitedData |
A list of classes that can be modified. | |
AltSecurityIdentities | String | False | DelimitedData |
Contains mappings for X.509 certificates or external Kerberos user accounts to this user for the purpose of authentication. | |
Assistant | String | False | DelimitedData |
The distinguished name of a user's administrative assistant. | |
BadPasswordTime | Datetime | False | DelimitedData |
The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last time a incorrect password was used is unknown. | |
BadPwdCount | String | False | DelimitedData |
The number of times the user tried to log on to the account using an incorrect password. A value of 0 indicates that the value is unknown. | |
BridgeheadServerListBL | String | False | DelimitedData |
The list of servers that are bridgeheads for replication. | |
CanonicalName | String | False | DelimitedData |
The name of the object in canonical format. myserver2.fabrikam.com/users/jeffsmith is an example of a distinguished name in canonical format. This is a constructed attribute. The results returned are identical to those returned by the following Active Directory function: DsCrackNames(NULL, DS_NAME_FLAG_SYNTACTICAL_ONLY, DS_FQDN_1779_NAME, DS_CANONICAL_NAME, ...). | |
CodePage | String | False | DelimitedData |
Specifies the code page for the user's language of choice. This value is not used by Windows 2000. | |
Info | String | False | DelimitedData |
The user's comments. This string can be a null string. | |
Cn | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
Company | String | False | DelimitedData |
The user's company name. | |
ControlAccessRights | String | False | DelimitedData |
Used by DS Security to determine which users can perform specific operations on the host object. | |
CountryCode | String | False | DelimitedData |
Specifies the country/region code for the user's language of choice. This value is not used by Windows 2000. | |
C | String | False | DelimitedData |
The country/region in the address of the user. The country/region is represented as a 2-character code based on ISO-3166. | |
CreateTimeStamp | Datetime | False | DelimitedData |
The date when this object was created. This value is replicated. | |
DBCSPwd | String | False | DelimitedData |
The account's LAN Manager password. | |
DefaultClassStore | String | False | DelimitedData |
The default Class Store for a given user. | |
Department | String | False | DelimitedData |
Contains the name for the department in which the user works. | |
Description | String | False | DelimitedData |
Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. | |
DesktopProfile | String | False | DelimitedData |
The location of the desktop profile for a user or group of users. Not used. | |
DestinationIndicator | String | False | DelimitedData |
This is part of the X.500 specification and not used by NTDS. | |
DisplayName | String | False | DelimitedData |
The display name for an object. This is usually the combination of the users first name, middle initial, and last name. | |
DisplayNamePrintable | String | False | DelimitedData |
The printable display name for an object. The printable display name is usually the combination of the user's first name, middle initial, and last name. | |
Division | String | False | DelimitedData |
The user's division. | |
DSASignature | String | False | DelimitedData |
The DSA-Signature of an object is the Invocation-ID of the last directory to modify the object. | |
DSCorePropagationData | String | False | DelimitedData |
The DS-Core-Propagation-Data attribute is for internal use only. | |
DynamicLDAPServer | String | False | DelimitedData |
DNS name of server handing dynamic properties for this account. | |
String | False | DelimitedData |
The list of email addresses for a contact. | ||
EmployeeID | String | False | DelimitedData |
The ID of an employee. | |
EmployeeNumber | String | False | DelimitedData |
The number for an employee. | |
EmployeeType | String | False | DelimitedData |
The job category for an employee. | |
ExtensionName | String | False | DelimitedData |
The name of a property page used to extend the UI of a directory object. | |
FacsimileTelephoneNumber | String | False | DelimitedData |
Contains telephone number of the user's business fax machine. | |
Flags | String | False | DelimitedData |
To be used by the object to store bit information. | |
FromEntry | String | False | DelimitedData |
This is a constructed attribute that is TRUE if the object is writable and FALSE if it is read-only, for example, a GC replica instance. | |
FrsComputerReferenceBL | String | False | DelimitedData |
Reference to replica sets to which this computer belongs. | |
FRSMemberReferenceBL | String | False | DelimitedData |
Reference to subscriber objects for this member. | |
FSMORoleOwner | String | False | DelimitedData |
Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. | |
GarbageCollPeriod | String | False | DelimitedData |
This attribute is located on the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,... object. It represents the time, in hours, between DS garbage collection runs. | |
GenerationQualifier | String | False | DelimitedData |
Indicates a person generation. For example, Jr. or II. | |
GivenName | String | False | DelimitedData |
Contains the given name (first name) of the user. | |
GroupMembershipSAM | String | False | DelimitedData |
Windows NT Security. Down level Windows NT support. | |
GroupPriority | String | False | DelimitedData |
The Group-Priority attribute is not currently used. | |
GroupsToIgnore | String | False | DelimitedData |
The Groups-to-Ignore attribute is not currently used. | |
HomeDirectory | String | False | DelimitedData |
The home directory for the account. If homeDrive is set and specifies a drive letter, homeDirectory must be a UNC path. Otherwise, homeDirectory is a fully qualified local path including the drive letter (for example, DriveLetter:\Directory\Folder). This value can be a null string. | |
HomeDrive | String | False | DelimitedData |
Specifies the drive letter to which to map the UNC path specified by homeDirectory. The drive letter must be specified in the form DriveLetter: where DriveLetter is the letter of the drive to map. The DriveLetter must be a single, uppercase letter and the colon (:) is required. | |
Initials | String | False | DelimitedData |
Contains the initials for parts of the user's full name. This may be used as the middle initial in the Windows Address Book. | |
InternationalISDNNumber | String | False | DelimitedData |
Specifies an International ISDN Number associated with an object. | |
IsCriticalSystemObject | String | False | DelimitedData |
If TRUE, the object hosting this attribute must be replicated during installation of a new replica. | |
IsDeleted | String | False | DelimitedData |
If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system. | |
MemberOf | String | True | DelimitedData |
The distinguished name of the groups to which this object belongs. | |
IsPrivilegeHolder | String | False | DelimitedData |
Backward link to privileges held by a given principal. | |
LastKnownParent | String | False | DelimitedData |
The Distinguished Name (DN) of the last known parent of an orphaned object. | |
LastLogoff | String | False | DelimitedData |
This attribute is not used. | |
LastLogon | Datetime | False | DelimitedData |
The last time the user logged on. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown. | |
LegacyExchangeDN | String | False | DelimitedData |
The distinguished name previously used by Exchange. | |
LmPwdHistory | String | False | DelimitedData |
The password history of the user in LAN Manager (LM) one-way format (OWF). The LM OWF is used for compatibility with LAN Manager 2.x clients, Windows 95, and Windows 98. | |
LocaleID | String | False | DelimitedData |
This attribute contains a list of locale IDs supported by this application. A locale ID represents a geographic location, such as a country/region, city, county, and so on. | |
L | String | False | DelimitedData |
Represents the name of a locality, such as a town or city. | |
LockoutTime | Datetime | False | DelimitedData |
The date and time (UTC) that this account was locked out. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out. | |
ThumbnailLogo | String | False | DelimitedData |
BLOB that contains a logo for this object. | |
LogonCount | String | False | DelimitedData |
The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown. | |
LogonHours | String | False | DelimitedData |
The hours that the user is allowed to logon to the domain. | |
LogonWorkstation | String | False | DelimitedData |
This attribute is not used. See the User-Workstations attribute. | |
ManagedObjects | String | False | DelimitedData |
Contains the list of objects that are managed by the user. The objects listed are those that have the property managedBy property set to this user. Each item in the list is a linked reference to the managed object. | |
Manager | String | False | DelimitedData |
Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name. | |
MasteredBy | String | False | DelimitedData |
Backward link for Has-Master-NCs attribute. The distinguished name for its NTDS Settings objects. | |
MaxStorage | String | False | DelimitedData |
The maximum amount of disk space the user can use. Use the value specified in USER_MAXSTORAGE_UNLIMITED to use all available disk space. | |
MhsORAddress | String | False | DelimitedData |
X.400 address. | |
ModifyTimeStamp | Datetime | False | DelimitedData |
A computed attribute that represents the date when this object was last changed. This value is not replicated. | |
MS-DS-ConsistencyChildCount | String | False | DelimitedData |
This attribute is used to check consistency between the directory and another object, database, or application, by comparing a count of child objects. | |
MS-DS-ConsistencyGuid | String | False | DelimitedData |
This attribute is used to check consistency between the directory and another object, database, or application, by comparing GUIDs. | |
MS-DS-CreatorSID | String | False | DelimitedData |
The security ID of the creator of the object that contains this attribute. | |
MSMQDigests | String | False | DelimitedData |
An array of digests of the corresponding certificates in attribute mSMQ-Sign-Certificates. They are used for mapping a digest into a certificate. | |
MSMQDigestsMig | String | False | DelimitedData |
In MSMQ mixed-mode, contains the previous value of mSMQDigests. | |
MSMQSignCertificates | String | False | DelimitedData |
This attribute contains a number of certificates. A user can generate a certificate per computer. For each certificate we also keep a digest. | |
MSMQSignCertificatesMig | String | False | DelimitedData |
In MSMQ mixed-mode, the attribute contains the previous value of mSMQSignCertificates. MSMQ supports migration from the MSMQ 1.0 DS to the Windows 2000 DS, and mixed mode specifies a state in which some of the DS severs were not upgraded to Windows 2000. | |
MsNPAllowDialin | String | False | DelimitedData |
Indicates whether the account has permission to dial in to the RAS server. Do not modify this value directly. Use the appropriate RAS administration function to modify this value. | |
MsNPCallingStationID | String | False | DelimitedData |
The msNPCallingStationID attribute is used internally. Do not modify this value directly. | |
MsNPSavedCallingStationID | String | False | DelimitedData |
The msNPSavedCallingStationID attribute is used internally. Do not modify this value directly. | |
MsRADIUSCallbackNumber | String | False | DelimitedData |
The msRADIUSCallbackNumber attribute is used internally. Do not modify this value directly. | |
MsRADIUSFramedIPAddress | String | False | DelimitedData |
The msRADIUSFramedIPAddress attribute is used internally. Do not modify this value directly. | |
MsRADIUSFramedRoute | String | False | DelimitedData |
The msRADIUSFramedRoute attribute is used internally. Do not modify this value directly. | |
MsRADIUSServiceType | String | False | DelimitedData |
The msRADIUSServiceType attribute is used internally. Do not modify this value directly. | |
MsRASSavedCallbackNumber | String | False | DelimitedData |
The msRASSavedCallbackNumber attribute is used internally. Do not modify this value directly. | |
MsRASSavedFramedIPAddress | String | False | DelimitedData |
The msRASSavedFramedIPAddress attribute is used internally. Do not modify this value directly. | |
MsRASSavedFramedRoute | String | False | DelimitedData |
The msRASSavedFramedRoute attribute is used internally. Do not modify this value directly. | |
NetbootSCPBL | String | False | DelimitedData |
A list of service connection points that reference this NetBoot server. | |
NetworkAddress | String | False | DelimitedData |
The TCP/IP address for a network segment. Also called the subnet address. | |
NonSecurityMemberBL | String | False | DelimitedData |
List of nonsecurity-members for an Exchange distribution list. | |
NtPwdHistory | String | False | DelimitedData |
The password history of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. | |
DistinguishedName | String | False | DelimitedData |
Same as the Distinguished Name for an object. Used by Exchange. | |
ObjectGUID | String | False | DelimitedData |
The unique identifier for an object. | |
ObjectSid | String | False | DelimitedData |
A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal. | |
ObjectVersion | String | False | DelimitedData |
This can be used to store a version number for the object. | |
OperatorCount | String | False | DelimitedData |
Operator count. | |
Ou | String | False | DelimitedData |
The name of the organizational unit. | |
O | String | False | DelimitedData |
The name of the company or organization. | |
OtherLoginWorkstations | String | False | DelimitedData |
Non-Windows NT or LAN Manager workstations from which a user can log on. | |
OtherMailbox | String | False | DelimitedData |
Contains other additional mail addresses in a form such as CCMAIL: BruceKeever. | |
MiddleName | String | False | DelimitedData |
Additional names for a user. For example, middle name, patronymic, matronymic, or others. | |
OtherWellKnownObjects | String | False | DelimitedData |
Contains a list of containers by GUID and Distinguished Name. This permits retrieving an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name. | |
PartialAttributeDeletionList | String | False | DelimitedData |
Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Used when the GC is in the process of removing attributes from the objects in its partial replica NCs. | |
PartialAttributeSet | String | False | DelimitedData |
Tracks the internal replication state of partial replicas (that is, on GCs). Attribute of the partial replica NC object. Defines the set of attributes present on a particular partial replica NC. | |
PersonalTitle | String | False | DelimitedData |
The user's title. | |
OtherFacsimileTelephoneNumber | String | False | DelimitedData |
A list of alternate facsimile numbers. | |
OtherHomePhone | String | False | DelimitedData |
A list of alternate home phone numbers. | |
HomePhone | String | False | DelimitedData |
The user's main home phone number. | |
OtherIpPhone | String | False | DelimitedData |
The list of alternate TCP/IP addresses for the phone. Used by Telephony. | |
IpPhone | String | False | DelimitedData |
The TCP/IP address for the phone. Used by Telephony. | |
PrimaryInternationalISDNNumber | String | False | DelimitedData |
The primary ISDN. | |
OtherMobile | String | False | DelimitedData |
A list of alternate mobile phone numbers. | |
Mobile | String | False | DelimitedData |
The primary mobile phone number. | |
OtherTelephone | String | False | DelimitedData |
A list of alternate office phone numbers. | |
OtherPager | String | False | DelimitedData |
A list of alternate pager numbers. | |
Pager | String | False | DelimitedData |
The primary pager number. | |
PhysicalDeliveryOfficeName | String | False | DelimitedData |
Contains the office location in the user's place of business. | |
ThumbnailPhoto | String | False | DelimitedData |
An image of the user. A space-efficient format like JPEG or GIF is recommended. | |
PossibleInferiors | String | False | DelimitedData |
The list of objects that this object can contain. | |
PostalAddress | String | False | DelimitedData |
The mailing address for the object. | |
PostalCode | String | False | DelimitedData |
The postal or zip code for mail delivery. | |
PostOfficeBox | String | False | DelimitedData |
The post office box number for this object. | |
PreferredDeliveryMethod | String | False | DelimitedData |
The X.500-preferred way to deliver to addressee. | |
PreferredOU | String | False | DelimitedData |
The Organizational Unit to show by default on user' s desktop. | |
PrimaryGroupID | String | False | DelimitedData |
Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. | |
ProfilePath | String | False | DelimitedData |
Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. | |
ProxiedObjectName | String | False | DelimitedData |
This attribute is used internally by Active Directory to help track interdomain moves. | |
ProxyAddresses | String | False | DelimitedData |
A proxy address is the address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system. Proxy addresses are required for all recipient objects, such as custom recipients and distribution lists. | |
PwdLastSet | Datetime | False | DelimitedData |
The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. | |
QueryPolicyBL | String | False | DelimitedData |
List of all objects holding references to a given Query-Policy. | |
Name | String | True | DelimitedData |
The Relative Distinguished Name (RDN) of an object. An RDN is the relative portion of a distinguished name (DN), which uniquely identifies an LDAP object. | |
RegisteredAddress | String | False | DelimitedData |
Specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country/region in which the city is located and is used in the provision of the Public Telegram Service. | |
ReplPropertyMetaData | String | False | DelimitedData |
Tracks internal replication state information for DS objects. Information here can be extracted in public form through the public API DsReplicaGetInfo(). Present on all DS objects. | |
ReplUpToDateVector | String | False | DelimitedData |
Tracks internal replication state information for an entire NC. Information here can be extracted in public form through the API DsReplicaGetInfo(). Present on all NC root objects. | |
DirectReports | String | False | DelimitedData |
Contains the list of users that directly report to the user. The users listed as reports are those that have the property manager property set to this user. Each item in the list is a linked reference to the object that represents the user. | |
RepsFrom | String | False | DelimitedData |
Lists the servers from which the directory will accept changes for the defined naming context. | |
RepsTo | String | False | DelimitedData |
Lists the servers that the directory will notify of changes and servers to which the directory will send changes on Request for the defined naming context. | |
Revision | String | False | DelimitedData |
The revision level for a security descriptor or other change. Only used in the sam-server and ds-ui-settings objects. | |
Rid | String | False | DelimitedData |
The relative Identifier of an object. | |
SAMAccountType | String | False | DelimitedData |
This attribute contains information about every account type object. You can enumerate a list of account types or you can use the Display Information API to create a list. Because computers, normal user accounts, and trust accounts can also be enumerated as user objects, the values for these accounts must be a contiguous range. | |
ScriptPath | String | False | DelimitedData |
This attribute specifies the path for the user's logon script. The string can be null. | |
SDRightsEffective | String | False | DelimitedData |
This constructed attribute returns a single DWORD value that can have up to three bits set: | |
SecurityIdentifier | String | False | DelimitedData |
A unique value of variable length used to identify a user account, group account, or logon session to which an ACE applies. | |
SeeAlso | String | False | DelimitedData |
List of distinguished names that are related to an object. | |
ServerReferenceBL | String | False | DelimitedData |
Found in the domain naming context. The distinguished name of a computer under the sites folder. | |
ServicePrincipalName | String | False | DelimitedData |
List of principal names used for mutual authentication with an instance of a service on this computer. | |
ShowInAddressBook | String | False | DelimitedData |
This attribute is used to indicate in which MAPI address books an object will appear. It is usually maintained by the Exchange Recipient Update Service. | |
ShowInAdvancedViewOnly | String | False | DelimitedData |
TRUE if this attribute is to be visible in the Advanced mode of the UI. | |
SIDHistory | String | False | DelimitedData |
Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. | |
SiteObjectBL | String | False | DelimitedData |
The list of distinguished names for subnets that belong to this site. | |
St | String | False | DelimitedData |
The name of a user's state or province. | |
Street | String | False | DelimitedData |
The street address. | |
SubRefs | String | False | DelimitedData |
List of subordinate references of a Naming Context. | |
SubSchemaSubEntry | String | False | DelimitedData |
The distinguished name for the location of the subschema object where a class or attribute is defined. | |
SupplementalCredentials | String | False | DelimitedData |
Stored credentials for use in authenticating. The encrypted version of the user's password. This attribute is neither readable nor writable. | |
Sn | String | False | DelimitedData |
This attribute contains the family or last name for a user. | |
SystemFlags | String | False | DelimitedData |
An integer value that contains flags that define additional properties of the class. See Remarks. | |
TelephoneNumber | String | False | DelimitedData |
The primary telephone number. | |
TeletexTerminalIdentifier | String | False | DelimitedData |
Specifies the Teletex terminal identifier and, optionally, parameters, for a teletex terminal associated with an object. | |
TelexNumber | String | False | DelimitedData |
A list of alternate telex numbers. | |
PrimaryTelexNumber | String | False | DelimitedData |
The primary telex number. | |
TerminalServer | String | False | DelimitedData |
Opaque data used by the Windows NT terminal server. | |
Co | String | False | DelimitedData |
The country/region in which the user is located. | |
TextEncodedORAddress | String | False | DelimitedData |
This attribute is used to support X.400 addresses in a text format. | |
Title | String | False | DelimitedData |
Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. | |
UnicodePwd | String | False | DelimitedData |
The password of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. This property is used only by the operating system. Note that you cannot derive the clear password back from the OWF form of the password. | |
UserAccountControl | String | False | DelimitedData |
Flags that control the behavior of the user account. | |
UserCert | String | False | DelimitedData |
Nortel v1 or DMS certificates. | |
Comment | String | False | DelimitedData |
The user's comments. | |
UserParameters | String | False | DelimitedData |
Parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program. | |
UserPassword | String | False | DelimitedData |
The user's password in UTF-8 format. This is a write-only attribute. | |
UserPrincipalName | String | False | DelimitedData |
This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name. For more information about this attribute, see User Naming Attributes. | |
UserSharedFolder | String | False | DelimitedData |
Specifies a UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. | |
UserSharedFolderOther | String | False | DelimitedData |
Specifies a UNC path to the user's additional shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. | |
UserSMIMECertificate | String | False | DelimitedData |
Certificate distribution object or tagged certificates. | |
UserWorkstations | String | False | DelimitedData |
Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. Each NetBIOS name is separated by a comma. Multiple names should be separated by commas. | |
USNChanged | String | False | DelimitedData |
The update sequence number (USN) assigned by the local directory for the latest change, including creation. See also , USN-Created. | |
USNCreated | String | False | DelimitedData |
The update sequence number (USN) assigned at object creation. See also, USN-Changed. | |
USNDSALastObjRemoved | String | False | DelimitedData |
Contains the update sequence number (USN) for the last system object that was removed from a server. | |
USNIntersite | String | False | DelimitedData |
The update sequence number (USN) for inter-site replication. | |
USNLastObjRem | String | False | DelimitedData |
Contains the update sequence number (USN) for the last non-system object that was removed from a server. | |
USNSource | String | False | DelimitedData |
Value of the USN-Changed attribute of the object from the remote directory that replicated the change to the local server. | |
WbemPath | String | False | DelimitedData |
References to objects in other ADSI namespaces. | |
WellKnownObjects | String | False | DelimitedData |
This attribute contains a list of well-known object containers by GUID and distinguished name. The well-known objects are system containers. This information is used to retrieve an object after it has been moved by using just the GUID and the domain name. Whenever the object is moved, the system automatically updates the Distinguished Name portion of the Well-Known-Objects values that referred to the object. The file Ntdsapi.h contains the following definitions, which can be used to retrieve an object (the GUIDs that are associated to these objects are contained in Ntdsapi.h): | |
WhenChanged | Datetime | False | DelimitedData |
The date when this object was last changed. This value is not replicated and exists in the global catalog. | |
WhenCreated | Datetime | False | DelimitedData |
The date when this object was created. This value is replicated and is in the global catalog. | |
WWWHomePage | String | False | DelimitedData |
A web page that is the primary landing page of a website. | |
Url | String | False | DelimitedData |
A list of alternate webpages. | |
X121Address | String | False | DelimitedData |
The X.121 address for an object. | |
UserCertificate | String | False | DelimitedData |
Contains the DER-encoded X.509v3 certificates issued to the user. Note that this property contains the public key certificates issued to this user by Microsoft Certificate Service. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |