Cmdlets for LDAP

Build 24.0.9062

User

This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.

Table Specific Information

Select

All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the 本製品. For example, the following query is processed by LDAP:

SELECT * FROM User WHERE  Title LIKE '%abc%' AND  AdminCount != '1' LIMIT 5 

Insert

To add a User, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:

INSERT INTO [User] (RDN, ObjectClass) VALUES ('CN=TestUser', 'Top; Person; OrganizationalPerson; User')

Update

All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:

UPDATE User SET PostalCode = '94042' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'

Delete

Users can be deleted by providing the Id of the User in a DELETE statement. For example:

DELETE FROM User WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'

Columns

Name Type ReadOnly References DataFormat Description
Id [KEY] String True

Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow.

DN String True

The full distinguished name.

RDN String False

The relative distinguished name.

BaseDN String True

The base distinguished name.

ObjectClass String False DelimitedData

The list of classes from which this class is derived.

SN String False DelimitedData

This attribute contains the family or last name for a user.

CN String False DelimitedData

The name that represents an object. Used to perform searches.

UserPassword String False DelimitedData

The user's password in UTF-8 format. This is a write-only attribute.

TelephoneNumber String False DelimitedData

The primary telephone number.

SeeAlso String False DelimitedData

List of distinguished names that are related to an object.

Description String False DelimitedData

Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks.

Title String False DelimitedData

Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS.

X121Address String False DelimitedData

The X.121 address for an object.

RegisteredAddress String False DelimitedData

Specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country/region in which the city is located and is used in the provision of the Public Telegram Service.

DestinationIndicator String False DelimitedData

This is part of the X.500 specification and not used by NTDS.

PreferredDeliveryMethod String False DelimitedData

The X.500-preferred way to deliver to addressee.

TelexNumber String False DelimitedData

A list of alternate telex numbers.

TeletexTerminalIdentifier String False DelimitedData

Specifies the Teletex terminal identifier and, optionally, parameters, for a teletex terminal associated with an object.

InternationalISDNNumber String False DelimitedData

Specifies an International ISDN Number associated with an object.

FacsimileTelephoneNumber String False DelimitedData

Contains telephone number of the user's business fax machine.

Street String False DelimitedData

The street address.

PostOfficeBox String False DelimitedData

The post office box number for this object.

PostalCode String False DelimitedData

The postal or zip code for mail delivery.

PostalAddress String False DelimitedData

The mailing address for the object.

PhysicalDeliveryOfficeName String False DelimitedData

Contains the office location in the user's place of business.

OU String False DelimitedData

The name of the organizational unit.

ST String False DelimitedData

The name of a user's state or province.

L String False DelimitedData

Represents the name of a locality, such as a town or city.

UserCertificate String False DelimitedData

Contains the DER-encoded X.509v3 certificates issued to the user. Note that this property contains the public key certificates issued to this user by Microsoft Certificate Service.

NetworkAddress String False DelimitedData

The TCP/IP address for a network segment. Also called the subnet address.

UserAccountControl String False DelimitedData

Flags that control the behavior of the user account.

BadPwdCount String False DelimitedData

The number of times the user tried to log on to the account using an incorrect password. A value of 0 indicates that the value is unknown.

CodePage String False DelimitedData

Specifies the code page for the user's language of choice. This value is not used by Windows 2000.

HomeDirectory String False DelimitedData

The home directory for the account. If homeDrive is set and specifies a drive letter, homeDirectory must be a UNC path. Otherwise, homeDirectory is a fully qualified local path including the drive letter (for example, DriveLetter:\Directory\Folder). This value can be a null string.

HomeDrive String False DelimitedData

Specifies the drive letter to which to map the UNC path specified by homeDirectory. The drive letter must be specified in the form DriveLetter: where DriveLetter is the letter of the drive to map. The DriveLetter must be a single, uppercase letter and the colon (:) is required.

BadPasswordTime Datetime False DelimitedData

The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the last time a incorrect password was used is unknown.

LastLogoff String False DelimitedData

This attribute is not used.

LastLogon Datetime False DelimitedData

The last time the user logged on. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

DBCSPwd String False DelimitedData

The account's LAN Manager password.

LocaleID String False DelimitedData

This attribute contains a list of locale IDs supported by this application. A locale ID represents a geographic location, such as a country/region, city, county, and so on.

ScriptPath String False DelimitedData

This attribute specifies the path for the user's logon script. The string can be null.

LogonHours String False DelimitedData

The hours that the user is allowed to logon to the domain.

LogonWorkstation String False DelimitedData

This attribute is not used. See the User-Workstations attribute.

MaxStorage String False DelimitedData

The maximum amount of disk space the user can use. Use the value specified in USER_MAXSTORAGE_UNLIMITED to use all available disk space.

UserWorkstations String False DelimitedData

Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. Each NetBIOS name is separated by a comma. Multiple names should be separated by commas.

UnicodePwd String False DelimitedData

The password of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. This property is used only by the operating system. Note that you cannot derive the clear password back from the OWF form of the password.

OtherLoginWorkstations String False DelimitedData

Non-Windows NT or LAN Manager workstations from which a user can log on.

NtPwdHistory String False DelimitedData

The password history of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF.

PwdLastSet Datetime False DelimitedData

The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100 nanosecond INTEGERs since January 1, 1601 (UTC). If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon.

PreferredOU String False DelimitedData

The Organizational Unit to show by default on user' s desktop.

PrimaryGroupID String False DelimitedData

Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.

UserParameters String False DelimitedData

Parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program.

ProfilePath String False DelimitedData

Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path.

OperatorCount String False DelimitedData

Operator count.

AdminCount String False DelimitedData

Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively).

AccountExpires Datetime False DelimitedData

The date when the account expires. This value represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

LmPwdHistory String False DelimitedData

The password history of the user in LAN Manager (LM) one-way format (OWF). The LM OWF is used for compatibility with LAN Manager 2.x clients, Windows 95, and Windows 98.

GroupMembershipSAM String False DelimitedData

Windows NT Security. Down level Windows NT support.

LogonCount String False DelimitedData

The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown.

ControlAccessRights String False DelimitedData

Used by DS Security to determine which users can perform specific operations on the host object.

DefaultClassStore String False DelimitedData

The default Class Store for a given user.

GroupsToIgnore String False DelimitedData

The Groups-to-Ignore attribute is not currently used.

GroupPriority String False DelimitedData

The Group-Priority attribute is not currently used.

DesktopProfile String False DelimitedData

The location of the desktop profile for a user or group of users. Not used.

DynamicLDAPServer String False DelimitedData

DNS name of server handing dynamic properties for this account.

UserPrincipalName String False DelimitedData

This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name. For more information about this attribute, see User Naming Attributes.

LockoutTime Datetime False DelimitedData

The date and time (UTC) that this account was locked out. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out.

UserSharedFolder String False DelimitedData

Specifies a UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string.

UserSharedFolderOther String False DelimitedData

Specifies a UNC path to the user's additional shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string.

ServicePrincipalName String False DelimitedData

List of principal names used for mutual authentication with an instance of a service on this computer.

ACSPolicyName String False DelimitedData

String name of an ACS policy that applies to this user.

TerminalServer String False DelimitedData

Opaque data used by the Windows NT terminal server.

MSMQSignCertificates String False DelimitedData

This attribute contains a number of certificates. A user can generate a certificate per computer. For each certificate we also keep a digest.

MSMQDigests String False DelimitedData

An array of digests of the corresponding certificates in attribute mSMQ-Sign-Certificates. They are used for mapping a digest into a certificate.

MSMQDigestsMig String False DelimitedData

In MSMQ mixed-mode, contains the previous value of mSMQDigests.

MSMQSignCertificatesMig String False DelimitedData

In MSMQ mixed-mode, the attribute contains the previous value of mSMQSignCertificates. MSMQ supports migration from the MSMQ 1.0 DS to the Windows 2000 DS, and mixed mode specifies a state in which some of the DS severs were not upgraded to Windows 2000.

MsNPAllowDialin String False DelimitedData

Indicates whether the account has permission to dial in to the RAS server. Do not modify this value directly. Use the appropriate RAS administration function to modify this value.

MsNPCallingStationID String False DelimitedData

The msNPCallingStationID attribute is used internally. Do not modify this value directly.

MsNPSavedCallingStationID String False DelimitedData

The msNPSavedCallingStationID attribute is used internally. Do not modify this value directly.

MsRADIUSCallbackNumber String False DelimitedData

The msRADIUSCallbackNumber attribute is used internally. Do not modify this value directly.

MsRADIUSFramedIPAddress String False DelimitedData

The msRADIUSFramedIPAddress attribute is used internally. Do not modify this value directly.

MsRADIUSFramedRoute String False DelimitedData

The msRADIUSFramedRoute attribute is used internally. Do not modify this value directly.

MsRADIUSServiceType String False DelimitedData

The msRADIUSServiceType attribute is used internally. Do not modify this value directly.

MsRASSavedCallbackNumber String False DelimitedData

The msRASSavedCallbackNumber attribute is used internally. Do not modify this value directly.

MsRASSavedFramedIPAddress String False DelimitedData

The msRASSavedFramedIPAddress attribute is used internally. Do not modify this value directly.

MsRASSavedFramedRoute String False DelimitedData

The msRASSavedFramedRoute attribute is used internally. Do not modify this value directly.

MS-DS-CreatorSID String False DelimitedData

The security ID of the creator of the object that contains this attribute.

Pseudo-Columns

SELECT ステートメントのWHERE 句では、疑似カラムフィールドを使用して、データソースから返されるタプルを詳細に制御することができます。

Name Type Description
Filter String

Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 24.0.9062