A combined index and Distinguished Name (DN). Multiple indices are supported when the column is set to 'SplitDataByRow'.

The full Distinguished Name (DN) that uniquely identifies the object in the LDAP directory.

The Relative Distinguished Name (RDN), which is the unique portion of the DN within its parent container.

The base Distinguished Name (BaseDN) that specifies the starting point for LDAP operations.

A list of LDAP object classes that define the attributes and behavior of this object.

The surname or family name of the user, such as 'Smith'.

The common name of the object, used for identification and searches. For example, 'John Doe'.

The user's password stored in UTF-8 format. This is a write-only attribute for security purposes.

The primary telephone number associated with the user or object.

A list of Distinguished Names (DNs) of objects that are related or linked to this one.

A textual description of the object. This attribute can be single-valued or multi-valued depending on compatibility requirements.

The user's formal job title, such as 'Senior Programmer', rather than occupational class, such as programmer. This does not include suffix titles like 'Esq.' or 'DDS'.

The X.121 address associated with the object, often used in telecommunications.

A mnemonic address associated with a specific city, registered in the relevant country or region.

An X.500 attribute that is not used in modern NTDS implementations.

The X.500-preferred method for delivering messages to the addressee.

A list of alternate telex numbers associated with the user or object.

Specifies the Teletex terminal identifier and optional parameters for a teletex terminal linked to this object.

The International ISDN (Integrated Services Digital Network) number associated with the object.

The telephone number of the user's business fax machine.

The street address of the user or object.

The post office box number associated with the user or object.

The postal or ZIP code used for mail delivery to the user or object.

The complete mailing address of the user or object.

The name or location of the user's office within their place of business.

The name of the Organizational Unit (OU) to which the user or object belongs.

The state or province associated with the user or object.

The locality, such as a city or town, associated with the user or object.

A DER-encoded X.509v3 certificate issued to the user, including public key certificates provided by Microsoft Certificate Services.

The TCP/IP address for a network segment, also referred to as the subnet address.

Flags that define the behavior and access control of the user account.

The number of failed login attempts for this account. A value of 0 indicates that the count is unknown.

Specifies the code page for the user's preferred language. This attribute is not used in modern Windows implementations.

The home directory for the account. If 'homeDrive' specifies a drive letter, 'homeDirectory' must be a UNC path. Otherwise, it is a local path, including the drive letter (e.g., 'C:\Directory\Folder').

The drive letter to map to the UNC path specified in 'homeDirectory'. Must be in the format 'DriveLetter:', where 'DriveLetter' is an uppercase letter.

The last date and time a failed login attempt was made using an incorrect password. Stored as a large integer representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 indicates no record of failed attempts.

This attribute is not currently used in modern implementations.

The last time the user successfully logged on. Stored as a large integer representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 indicates no record of login.

The timestamp of the last time the user logged on. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

The LAN Manager password of the account. Used primarily for backward compatibility.

A list of locale IDs representing the language and geographic preferences for the user.

The path to the user's login script. Can be null.

Specifies the hours during which the user is allowed to log on to the domain.

Not used in modern implementations. Refer to the User-Workstations attribute instead.

Defines the maximum disk space the user can use. Use 'USER_MAXSTORAGE_UNLIMITED' to allow unlimited space.

Lists the NetBIOS or DNS names of the computers from which the user can log on. Multiple names are separated by commas.

The user's password stored in Windows NT one-way format (OWF). This is managed by the operating system, and the original password cannot be derived.

Specifies non-Windows NT or LAN Manager workstations from which the user can log on.

The user's password history stored in Windows NT one-way format (OWF).

The date and time when the user's password was last changed. Stored as a large integer representing 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 indicates that the user must set a password at next login.

The Organizational Unit (OU) that is displayed by default on the user's desktop.

The Relative Identifier (RID) for the user's primary group, typically the Domain Users group.

A Unicode string reserved for application-specific user data. Can be null or contain any character string.

The path to the user's profile. This value can be a null string, a local absolute path, or a UNC path.

Tracks the number of operators assigned to the user.

Indicates whether the system has adjusted the ACLs of the object for higher security due to membership in an administrative group.

The date when the account expires. Stored as a large integer representing 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF indicates the account does not expire.

The password history of the user in LAN Manager (LM) format. Used for backward compatibility.

Provides support for down-level Windows NT group membership functionality.

The number of successful logons for the account. A value of 0 indicates no record of successful logons.

Defines the specific rights required for users to perform operations on this object.

Specifies the default Class Store associated with the user.

An attribute that is not currently used and has no functional effect.

An unused attribute associated with group priority.

Specifies the desktop profile location for a user or group of users. This attribute is not currently used.

The DNS name of the server responsible for dynamic properties of this account.

An Internet-style login name for the user, based on RFC 822 standards. Typically maps to the user's email address for convenience. For more information about this attribute, see User Naming Attributes.

The date and time (UTC) when the account was locked out. Stored as a large integer representing 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 indicates the account is not locked out.

Specifies a UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string.

Specifies an additional UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string.

Lists the Service Principal Names (SPNs) used for mutual authentication with services on this computer.

Specifies the name of the ACS (Access Control System) policy that applies to the user.

Contains data used by the Windows NT Terminal Server. Not user-editable.

A collection of certificates issued to the user for Microsoft Message Queuing (MSMQ). Includes a digest for each certificate.

An array of digests corresponding to the certificates in the MSMQSignCertificates attribute, used for certificate mapping.

In MSMQ mixed-mode, stores the previous value of the MSMQDigests attribute.

In MSMQ mixed-mode, stores the previous value of the MSMQSignCertificates attribute.

Indicates whether the account is allowed to dial in to a RAS server. This value should be managed through RAS administration tools.

An attribute used internally for RAS. Do not modify directly.

Stores the saved RAS calling station ID. This attribute is used internally and should not be modified directly.

The callback number used for RADIUS. This attribute is managed internally.

Specifies the framed IP address for RADIUS. Managed internally.

Defines the framed route for RADIUS. Managed internally.

Indicates the RADIUS service type. Managed internally.

The saved RADIUS callback number. Managed internally.

The saved RADIUS framed IP address. Managed internally.

The saved RADIUS framed route. Managed internally.

The Security Identifier (SID) of the creator of the object containing this attribute.

Defines an explicit LDAP filter that overrides any other filter specified in the WHERE clause.