Common LDAP Attributes

The following list contains some of the most common LDAP attributes together with a description.

givenName
The first name of the person who is going to use the account.

initials
The initials of the user who is going to use the account. The maximum length of this attribute is 6.

sn
The surname (last name) of the user who is going to use the account.

displayName
The display name as shown in the User Manager of MS Exchange. Normally this name is built from the values of givenName, initials and sn.

description
Describes the purpose of the account or any other additional information.

userPrincipalName
The actual logon name of the user. This name is the account name together with its domain suffix.

samAccountName
The pre-Windows 2000 account name.

userAccountControl
Flags which can be used to read or write specific account properties. Be aware that several differences exist between Windows 2000 Server and Windows Server 2003.

msDS-User-Account-Control-Computed
New in Windows Server 2003. It carries the flag needed to determine whether an account is locked out.

employeeNumber
Invisible field that can be used as a company-specific personnel number.

physicalDeliveryOfficeName
Room number of an employee.

telephoneNumber
The telephone number of an employee.

lastLogon
The last logon time available for an account found on a specific domain controller. All DCs have to be queried for an exact overview.

lastLogonTimestamp
The last logon time for an account, with a delay of at most 7-14 days. This value is new in Windows Server 2003 and can be queried from a single DC.

homeDrive
The home drive of a particular account.

homeDirectory
The home folder of a particular account.

TerminalServicesHomeDrive
The home drive of a particular user during a Terminal Services or Citrix session. The value must be accessed using ADSI.

TerminalServicesHomeDirectory
The home folder of a particular user during a Terminal Services or Citrix session. The value must be accessed using ADSI.

SetPassword
Set the password of a specific user account. The value must be accessed using ADSI.

pwdLastSet
Set this value to zero if you want the password to be changed at the next account logon.

~Edward
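
An added example (not part of the original post) showing how a script can interpret the raw values of userAccountControl, msDS-User-Account-Control-Computed, lastLogon, lastLogonTimestamp and pwdLastSet after they have been read from the directory. The account, the attribute values and the DC names are constructed; the bit masks are the documented Windows UF_* constants.

```python
from datetime import datetime, timedelta, timezone

# Bits stored in userAccountControl (documented UF_* values).
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}
# Bits to read from msDS-User-Account-Control-Computed on Windows Server 2003.
COMPUTED_FLAGS = {0x0010: "LOCKOUT", 0x800000: "PASSWORD_EXPIRED"}

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(value):
    """Convert 100-ns intervals since 1601-01-01 UTC; 0 means never / not set."""
    value = int(value)  # LDAP returns these attributes as strings
    if value <= 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def decode(bits, table):
    """Return the sorted names of all flags set in a bit field."""
    return sorted(name for mask, name in table.items() if int(bits) & mask)


def summarize(entry, last_logon_per_dc):
    """entry: attributes read from one DC.
    last_logon_per_dc: lastLogon as read from every DC (it differs per DC)."""
    logons = [d for d in map(filetime_to_dt, last_logon_per_dc.values()) if d]
    computed = decode(entry["msDS-User-Account-Control-Computed"], COMPUTED_FLAGS)
    return {
        "flags": decode(entry["userAccountControl"], UAC_FLAGS),
        "locked_out": "LOCKOUT" in computed,
        "must_change_password": int(entry["pwdLastSet"]) == 0,
        "last_logon": max(logons) if logons else None,  # exact: newest of all DCs
        "last_logon_replicated": filetime_to_dt(entry["lastLogonTimestamp"]),
    }


# Constructed sample data, in the string form an LDAP search returns.
SAMPLE_ENTRY = {
    "samAccountName": "jdoe",
    "userAccountControl": "66048",             # 0x10200
    "msDS-User-Account-Control-Computed": "16",
    "pwdLastSet": "0",
    "lastLogonTimestamp": "133481088000000000",
}
SAMPLE_LAST_LOGON = {"dc1": "133485408000000000",
                     "dc2": "133486272000000000", "dc3": "0"}

if __name__ == "__main__":
    print(summarize(SAMPLE_ENTRY, SAMPLE_LAST_LOGON))
```

Taking the maximum lastLogon over every DC gives the exact value, while lastLogonTimestamp from a single DC is here five days older, within the delay described above.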