Archive
Useful Active Directory User properties
I have recently started working with Active Directory Federation Service (ADFS) and after some configuration and tweaking I was able to tame the beast. Overall it’s a cool technology and there are some drastic improvements as compare to previous version.
Anyway this post is not about ADFS but recently I was asked to map some user properties in active directory to our user domain objects and finding what each attributes are called using their COMMON NAME (CN) and as LDAP and how they are stored in active directory was a bit boring.
So here i am putting together some of the basic user related properties and how it is stored in active directory so that easy for anyone else to find and use them.Some of the properties have quite different name and what data they support.For example the user primary email address has Common Name as “E-mail-Addresses” but the LDAP display name is “mail” and additional emails can be stored as semi-colon separated string and maps to “Other-Malbox“.
| Active Directory Common Name (CN) | LDAP Display Name | Data Type |
| Personal-Title | Personal-Title | DirectoryString in AD |
| Given-Name | givenName |
DirectoryString in AD |
| Initials | initials | DirectoryString in AD |
| Surname | sn | DirectoryString in AD |
| E-mail-Addresses | DirectoryString in AD | |
| Other-Mailbox | otherMailbox | Collection of DirectoryString separated by ; |
| Telephone-Number | telephoneNumber | DirectoryString in AD |
| Phone-Office-Other | otherTelephone | Collection of DirectoryString separated by ; |
| Phone-Mobile-Primary | mobile | DirectoryString in AD |
| Phone-Mobile-Other | otherMobile | Collection of DirectoryString separated by ; |
| Title | title | DirectoryString in AD |
| User-Principal-Name | userPrincipalName | DirectoryString in AD |
| Last-Logoff | lastLogoff | bytes(8) |
| Pwd-Last-Set | pwdLastSet | bytes(8) |
Additional tool worth mentioning are:-:-
- ADExplorer by Sysinternals and a must have tool if you are doing any active directory development or management.
- Active Directory Powershell: A power shell module where you can browse your active directory as file directory i.e. you can use cd with distinguish name (DN) or Organisation Unit (OU) and traverse through the directory.
- dsquery:a command line tool to query the directory by using search criteria that you specify
Prashant Brall's Blog 