Home > Active Directory > Useful Active Directory User properties

Useful Active Directory User properties

I have recently started working with Active Directory Federation Service (ADFS) and after some configuration and tweaking I was able to tame the beast. Overall it’s a cool technology and there are some drastic improvements as compare to previous version.

Anyway this post is not about ADFS but recently I was asked to map some user properties in active directory to our user domain objects and finding what each attributes are called using their COMMON NAME (CN) and as LDAP and how they are stored in active directory was a bit boring.

So here i am putting together some of the basic user related properties and how it is stored in active directory so that easy for anyone else to find and use them.Some of the properties have quite different name and what data they support.For example the user primary email address has Common Name as “E-mail-Addresses” but the LDAP display name is “mail” and additional emails can be stored as semi-colon separated string and maps to “Other-Malbox“.

Active Directory Common Name (CN) LDAP Display Name Data Type
Personal-Title Personal-Title DirectoryString in AD
Given-Name givenName  
DirectoryString in AD
Initials initials DirectoryString in AD
Surname sn DirectoryString in AD
E-mail-Addresses mail DirectoryString in AD
Other-Mailbox otherMailbox Collection of DirectoryString separated by ;
Telephone-Number telephoneNumber DirectoryString in AD
Phone-Office-Other otherTelephone Collection of DirectoryString separated by ;
Phone-Mobile-Primary mobile DirectoryString in AD
Phone-Mobile-Other otherMobile Collection of DirectoryString separated by ;
Title title DirectoryString in AD
User-Principal-Name userPrincipalName DirectoryString in AD
Last-Logoff lastLogoff bytes(8)
Pwd-Last-Set pwdLastSet bytes(8)

Additional tool worth mentioning are:-:-

  • ADExplorer by Sysinternals and a must have tool if you are doing any active directory development or management.

  • Active Directory Powershell: A power shell module where you can browse your active directory as file directory i.e. you can use cd with distinguish name (DN) or Organisation Unit (OU) and traverse through the directory.

  • dsquery:a command line tool to query the directory by using search criteria that you specify
  1. maniejevons
    November 4, 2014 at 1:43 am

    Thanks for finally talking about >Useful Active Directory User properties | Prashant
    Brall’s Blog <Loved it!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: