User
This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long-term visitors.
Table Specific Information
Select
All columns support server-side processing for the operators =, >=, <=, !=, LIKE, AND, and OR. Other filters are executed client side within the driver. For example, the following query is processed by LDAP:
SELECT * FROM User WHERE Title Like '%abc%' AND AdminCount != '1' LIMIT 5
You can turn off client-side execution by setting SupportEnhancedSQL to false, in which case any search criteria that refer to any other operators will cause an error.
Insert
To add a User, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO [User] (RDN, ObjectClass) VALUES ('CN=TestUser', 'Top; Person; OrganizationalPerson; User')
Update
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE User SET PostalCode = '94042' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Delete
Users can be deleted by providing the Id of the User in a DELETE statement. For example:
DELETE FROM User WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Columns
Name | Type | ReadOnly | References | DataFormat | Description |
Id [KEY] | String | True | | | Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. |
DN | String | True | | | The full distinguished name. |
RDN | String | False | | | The relative distinguished name. |
BaseDN | String | True | | | The base distinguished name. |
ObjectClass | String | False | | DelimitedData | The list of classes from which this class is derived. |
SN | String | False | | DelimitedData | This attribute contains the family or last name for a user. |
CN | String | False | | DelimitedData | The name that represents an object. Used to perform searches. |
UserPassword | String | False | | DelimitedData | The user's password in UTF-8 format. This is a write-only attribute. |
TelephoneNumber | String | False | | DelimitedData | The primary telephone number. |
SeeAlso | String | False | | DelimitedData | List of distinguished names that are related to an object. |
Description | String | False | | DelimitedData | Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. |
Title | String | False | | DelimitedData | Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. |
X121Address | String | False | | DelimitedData | The X.121 address for an object. |
RegisteredAddress | String | False | | DelimitedData | Specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country/region in which the city is located and is used in the provision of the Public Telegram Service. |
DestinationIndicator | String | False | | DelimitedData | This is part of the X.500 specification and not used by NTDS. |
PreferredDeliveryMethod | String | False | | DelimitedData | The X.500-preferred way to deliver to addressee. |
TelexNumber | String | False | | DelimitedData | A list of alternate telex numbers. |
TeletexTerminalIdentifier | String | False | | DelimitedData | Specifies the Teletex terminal identifier and, optionally, parameters, for a teletex terminal associated with an object. |
InternationalISDNNumber | String | False | | DelimitedData | Specifies an International ISDN Number associated with an object. |
FacsimileTelephoneNumber | String | False | | DelimitedData | Contains the telephone number of the user's business fax machine. |
Street | String | False | | DelimitedData | The street address. |
PostOfficeBox | String | False | | DelimitedData | The post office box number for this object. |
PostalCode | String | False | | DelimitedData | The postal or zip code for mail delivery. |
PostalAddress | String | False | | DelimitedData | The mailing address for the object. |
PhysicalDeliveryOfficeName | String | False | | DelimitedData | Contains the office location in the user's place of business. |
OU | String | False | | DelimitedData | The name of the organizational unit. |
ST | String | False | | DelimitedData | The name of a user's state or province. |
L | String | False | | DelimitedData | Represents the name of a locality, such as a town or city. |
UserCertificate | String | False | | DelimitedData | Contains the DER-encoded X.509v3 certificates issued to the user. Note that this property contains the public key certificates issued to this user by Microsoft Certificate Service. |
NetworkAddress | String | False | | DelimitedData | The TCP/IP address for a network segment. Also called the subnet address. |
UserAccountControl | String | False | | DelimitedData | Flags that control the behavior of the user account. |
BadPwdCount | String | False | | DelimitedData | The number of times the user tried to log on to the account using an incorrect password. A value of 0 indicates that the value is unknown. |
CodePage | String | False | | DelimitedData | Specifies the code page for the user's language of choice. This value is not used by Windows 2000. |
HomeDirectory | String | False | | DelimitedData | The home directory for the account. If homeDrive is set and specifies a drive letter, homeDirectory must be a UNC path. Otherwise, homeDirectory is a fully qualified local path including the drive letter (for example, DriveLetter:\Directory\Folder). This value can be a null string. |
HomeDrive | String | False | | DelimitedData | Specifies the drive letter to which to map the UNC path specified by homeDirectory. The drive letter must be specified in the form DriveLetter: where DriveLetter is the letter of the drive to map. The DriveLetter must be a single, uppercase letter and the colon (:) is required. |
BadPasswordTime | String | False | | DelimitedData | The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last time an incorrect password was used is unknown. |
LastLogoff | String | False | | DelimitedData | This attribute is not used. |
LastLogon | String | False | | DelimitedData | The last time the user logged on. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown. |
DBCSPwd | String | False | | DelimitedData | The account's LAN Manager password. |
LocaleID | String | False | | DelimitedData | This attribute contains a list of locale IDs supported by this application. A locale ID represents a geographic location, such as a country/region, city, county, and so on. |
ScriptPath | String | False | | DelimitedData | This attribute specifies the path for the user's logon script. The string can be null. |
LogonHours | String | False | | DelimitedData | The hours that the user is allowed to log on to the domain. |
LogonWorkstation | String | False | | DelimitedData | This attribute is not used. See the User-Workstations attribute. |
MaxStorage | String | False | | DelimitedData | The maximum amount of disk space the user can use. Use the value specified in USER_MAXSTORAGE_UNLIMITED to use all available disk space. |
UserWorkstations | String | False | | DelimitedData | Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. Each NetBIOS name is separated by a comma. Multiple names should be separated by commas. |
UnicodePwd | String | False | | DelimitedData | The password of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. This property is used only by the operating system. Note that you cannot derive the clear password back from the OWF form of the password. |
OtherLoginWorkstations | String | False | | DelimitedData | Non-Windows NT or LAN Manager workstations from which a user can log on. |
NtPwdHistory | String | False | | DelimitedData | The password history of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. |
PwdLastSet | String | False | | DelimitedData | The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. |
PreferredOU | String | False | | DelimitedData | The Organizational Unit to show by default on user's desktop. |
PrimaryGroupID | String | False | | DelimitedData | Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. |
UserParameters | String | False | | DelimitedData | Parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program. |
ProfilePath | String | False | | DelimitedData | Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. |
OperatorCount | String | False | | DelimitedData | Operator count. |
AdminCount | String | False | | DelimitedData | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). |
AccountExpires | String | False | | DelimitedData | The date when the account expires. This value represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires. |
LmPwdHistory | String | False | | DelimitedData | The password history of the user in LAN Manager (LM) one-way format (OWF). The LM OWF is used for compatibility with LAN Manager 2.x clients, Windows 95, and Windows 98. |
GroupMembershipSAM | String | False | | DelimitedData | Windows NT Security. Down level Windows NT support. |
LogonCount | String | False | | DelimitedData | The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown. |
ControlAccessRights | String | False | | DelimitedData | Used by DS Security to determine which users can perform specific operations on the host object. |
DefaultClassStore | String | False | | DelimitedData | The default Class Store for a given user. |
GroupsToIgnore | String | False | | DelimitedData | The Groups-to-Ignore attribute is not currently used. |
GroupPriority | String | False | | DelimitedData | The Group-Priority attribute is not currently used. |
DesktopProfile | String | False | | DelimitedData | The location of the desktop profile for a user or group of users. Not used. |
DynamicLDAPServer | String | False | | DelimitedData | DNS name of server handling dynamic properties for this account. |
UserPrincipalName | String | False | | DelimitedData | This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name. For more information about this attribute, see User Naming Attributes. |
LockoutTime | String | False | | DelimitedData | The date and time (UTC) that this account was locked out. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out. |
UserSharedFolder | String | False | | DelimitedData | Specifies a UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. |
UserSharedFolderOther | String | False | | DelimitedData | Specifies a UNC path to the user's additional shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. |
ServicePrincipalName | String | False | | DelimitedData | List of principal names used for mutual authentication with an instance of a service on this computer. |
ACSPolicyName | String | False | | DelimitedData | String name of an ACS policy that applies to this user. |
TerminalServer | String | False | | DelimitedData | Opaque data used by the Windows NT terminal server. |
MSMQSignCertificates | String | False | | DelimitedData | This attribute contains a number of certificates. A user can generate a certificate per computer. For each certificate we also keep a digest. |
MSMQDigests | String | False | | DelimitedData | An array of digests of the corresponding certificates in attribute mSMQ-Sign-Certificates. They are used for mapping a digest into a certificate. |
MSMQDigestsMig | String | False | | DelimitedData | In MSMQ mixed-mode, contains the previous value of mSMQDigests. |
MSMQSignCertificatesMig | String | False | | DelimitedData | In MSMQ mixed-mode, the attribute contains the previous value of mSMQSignCertificates. MSMQ supports migration from the MSMQ 1.0 DS to the Windows 2000 DS, and mixed mode specifies a state in which some of the DS servers were not upgraded to Windows 2000. |
MsNPAllowDialin | String | False | | DelimitedData | Indicates whether the account has permission to dial in to the RAS server. Do not modify this value directly. Use the appropriate RAS administration function to modify this value. |
MsNPCallingStationID | String | False | | DelimitedData | The msNPCallingStationID attribute is used internally. Do not modify this value directly. |
MsNPSavedCallingStationID | String | False | | DelimitedData | The msNPSavedCallingStationID attribute is used internally. Do not modify this value directly. |
MsRADIUSCallbackNumber | String | False | | DelimitedData | The msRADIUSCallbackNumber attribute is used internally. Do not modify this value directly. |
MsRADIUSFramedIPAddress | String | False | | DelimitedData | The msRADIUSFramedIPAddress attribute is used internally. Do not modify this value directly. |
MsRADIUSFramedRoute | String | False | | DelimitedData | The msRADIUSFramedRoute attribute is used internally. Do not modify this value directly. |
MsRADIUSServiceType | String | False | | DelimitedData | The msRADIUSServiceType attribute is used internally. Do not modify this value directly. |
MsRASSavedCallbackNumber | String | False | | DelimitedData | The msRASSavedCallbackNumber attribute is used internally. Do not modify this value directly. |
MsRASSavedFramedIPAddress | String | False | | DelimitedData | The msRASSavedFramedIPAddress attribute is used internally. Do not modify this value directly. |
MsRASSavedFramedRoute | String | False | | DelimitedData | The msRASSavedFramedRoute attribute is used internally. Do not modify this value directly. |
MS-DS-CreatorSID | String | False | | DelimitedData | The security ID of the creator of the object that contains this attribute. |
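Several of the columns above (PwdLastSet, AccountExpires, LockoutTime, UserAccountControl, AdminCount) come back as strings that have to be decoded before they are useful in an account review. The following Python is an added example, not part of the driver or its documentation. The rows are constructed sample data, the 0x10000 value for UF_DONT_EXPIRE_PASSWD is taken from the Active Directory flag definition, and the 90-day password age threshold is an assumption.

```python
from datetime import datetime, timedelta, timezone
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = 0x7FFFFFFFFFFFFFFF       # AccountExpires "never expires" sentinel from the table
UF_DONT_EXPIRE_PASSWD = 0x10000  # UserAccountControl bit named in the PwdLastSet row

def filetime_to_utc(value):
    """Decode a count of 100-ns intervals since 1601-01-01 UTC; None if 0, empty or NEVER."""
    ticks = int(value or 0)
    if ticks in (0, NEVER):
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def review_user(row, now, max_password_age_days=90):
    """Return findings for one User row; every column value arrives as a string."""
    findings = []
    uac = int(row.get("UserAccountControl") or 0)
    pwd_set = filetime_to_utc(row.get("PwdLastSet"))
    if uac & UF_DONT_EXPIRE_PASSWD:
        findings.append("password never expires")
    elif pwd_set is None:
        findings.append("must change password at next logon")
    if pwd_set and (now - pwd_set).days > max_password_age_days:
        findings.append(f"password is {(now - pwd_set).days} days old")
    expires = filetime_to_utc(row.get("AccountExpires"))
    if expires and expires < now:
        findings.append("account expired")
    if filetime_to_utc(row.get("LockoutTime")):
        findings.append("locked out")
    if row.get("AdminCount") == "1":
        findings.append("AdminCount=1 (protected administrative object)")
    return findings

# Constructed sample rows, shaped like SELECT results from the User table.
JAN_2024 = "133485408000000000"  # 2024-01-01T00:00:00Z as a 100-ns count
SAMPLE_ROWS = [
    {"CN": "alice", "UserAccountControl": "512", "PwdLastSet": JAN_2024,
     "AccountExpires": str(NEVER), "LockoutTime": "0", "AdminCount": "1"},
    {"CN": "svc-backup", "UserAccountControl": "66048", "PwdLastSet": "0",
     "AccountExpires": "0", "LockoutTime": ""},
    {"CN": "bob", "UserAccountControl": "512", "PwdLastSet": "0",
     "AccountExpires": JAN_2024, "LockoutTime": JAN_2024},
]

def audit(rows, now):
    """Map each CN to its findings, skipping rows with nothing to report."""
    return {r["CN"]: f for r in rows if (f := review_user(r, now))}
if __name__ == "__main__":
    print(audit(SAMPLE_ROWS, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```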
Pseudo-Columns
Pseudo-column fields are used in the WHERE clause of SELECT statements and offer more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Filter | String | Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |