Retrieve Specific Active Directory Properties

I'm using the built-in .NET System.DirectoryServices.ActiveDirectory to access an Active Directory Domain Controller.

I'm attempting to enumerate the collection of user properties from the server - not the values, but rather a list of modifiable settings for any user.

Essentially, this is a mirror of writeable attributes from the "Attribute Editor" in Active Directory:

(screenshot: ADUC User Properties)

I've tried to grab this data using the following code:

    using System.DirectoryServices.ActiveDirectory;

    // Bind to the schema partition of the current user's domain.
    DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.Domain);
    ActiveDirectorySchema currSchema = ActiveDirectorySchema.GetSchema(directoryContext);

    // Look up the structural class "user" in the schema.
    ActiveDirectorySchemaClass userSchema = currSchema.FindClass("user");

    // Every attribute the class declares or inherits (mandatory and optional), writable or not.
    ReadOnlyActiveDirectorySchemaPropertyCollection userProperties = userSchema.GetAllProperties();

But this returns a lot of properties which simply aren't in this dialogue, but I don't know what makes these properties unique / special.

I've also tried FindClass("person");

Is there a way to achieve this?

Update

As requested, here is what I get if I request the above:

Using FindClass("person")

cn    
instanceType      
nTSecurityDescriptor      
objectCategory    
objectClass   
adminDescription      
adminDisplayName      
allowedAttributes     
allowedAttributesEffective    
allowedChildClasses   
allowedChildClassesEffective      
attributeCertificateAttribute     
bridgeheadServerListBL    
canonicalName     
createTimeStamp   
description   
directReports     
displayName   
displayNamePrintable      
distinguishedName     
dSASignature      
dSCorePropagationData     
extensionName     
flags     
fromEntry     
frsComputerReferenceBL    
fRSMemberReferenceBL      
fSMORoleOwner     
isCriticalSystemObject    
isDeleted     
isPrivilegeHolder     
isRecycled    
lastKnownParent   
managedObjects    
masteredBy    
memberOf      
modifyTimeStamp   
mS-DS-ConsistencyChildCount   
mS-DS-ConsistencyGuid     
msCOM-PartitionSetLink    
msCOM-UserLink    
msDFSR-ComputerReferenceBL    
msDFSR-MemberReferenceBL      
msDS-Approx-Immed-Subordinates    
msDS-AuthenticatedToAccountlist   
msDS-EnabledFeatureBL     
msDS-HostServiceAccountBL     
msDS-IsDomainFor      
msDS-IsFullReplicaFor     
msDS-IsPartialReplicaFor      
msDS-KrbTgtLinkBl     
msDS-LastKnownRDN     
msDS-LocalEffectiveDeletionTime   
msDS-LocalEffectiveRecycleTime    
msDs-masteredBy   
msDS-MembersForAzRoleBL   
msDS-NC-RO-Replica-Locations-BL   
msDS-NCReplCursors    
msDS-NCReplInboundNeighbors   
msDS-NCReplOutboundNeighbors      
msDS-NcType   
msDS-NonMembersBL     
msDS-ObjectReferenceBL    
msDS-OIDToGroupLinkBl     
msDS-OperationsForAzRoleBL    
msDS-OperationsForAzTaskBL    
msDS-PrincipalName    
msDS-PSOApplied   
msDS-ReplAttributeMetaData    
msDS-ReplValueMetaData    
msDS-RevealedDSAs     
msDS-RevealedListBL   
msDS-TasksForAzRoleBL     
msDS-TasksForAzTaskBL     
msSFU30PosixMemberOf      
name      
netbootSCPBL      
nonSecurityMemberBL   
objectGUID    
objectVersion     
otherWellKnownObjects     
ownerBL   
partialAttributeDeletionList      
partialAttributeSet   
possibleInferiors     
proxiedObjectName     
proxyAddresses    
queryPolicyBL     
replPropertyMetaData      
replUpToDateVector    
repsFrom      
repsTo    
revision      
sDRightsEffective     
seeAlso   
serialNumber      
serverReferenceBL     
showInAdvancedViewOnly    
siteObjectBL      
sn    
structuralObjectClass     
subRefs   
subSchemaSubEntry     
systemFlags   
telephoneNumber   
url   
userPassword      
uSNChanged    
uSNCreated    
uSNDSALastObjRemoved      
USNIntersite      
uSNLastObjRem     
uSNSource     
wbemPath      
wellKnownObjects      
whenChanged   
whenCreated   
wWWHomePage   

Using FindClass("user")

cn    
instanceType      
nTSecurityDescriptor      
objectCategory    
objectClass   
objectSid     
sAMAccountName    
accountExpires    
accountNameHistory    
aCSPolicyName     
adminCount    
adminDescription      
adminDisplayName      
allowedAttributes     
allowedAttributesEffective    
allowedChildClasses   
allowedChildClassesEffective      
altSecurityIdentities     
assistant     
attributeCertificateAttribute     
audio     
badPasswordTime   
badPwdCount   
bridgeheadServerListBL    
businessCategory      
c     
canonicalName     
carLicense    
co    
codePage      
comment   
company   
controlAccessRights   
countryCode   
createTimeStamp   
dBCSPwd   
defaultClassStore     
department    
departmentNumber      
description   
desktopProfile    
destinationIndicator      
directReports     
displayName   
displayNamePrintable      
distinguishedName     
division      
dSASignature      
dSCorePropagationData     
dynamicLDAPServer     
employeeID    
employeeNumber    
employeeType      
extensionName     
facsimileTelephoneNumber      
flags     
fromEntry     
frsComputerReferenceBL    
fRSMemberReferenceBL      
fSMORoleOwner     
garbageCollPeriod     
gecos     
generationQualifier   
gidNumber     
givenName     
groupMembershipSAM    
groupPriority     
groupsToIgnore    
homeDirectory     
homeDrive     
homePhone     
homePostalAddress     
houseIdentifier   
info      
initials      
internationalISDNNumber   
ipPhone   
isCriticalSystemObject    
isDeleted     
isPrivilegeHolder     
isRecycled    
jpegPhoto     
l     
labeledURI    
lastKnownParent   
lastLogoff    
lastLogon     
lastLogonTimestamp    
legacyExchangeDN      
lmPwdHistory      
localeID      
lockoutTime   
loginShell    
logonCount    
logonHours    
logonWorkstation      
mail      
managedObjects    
manager   
masteredBy    
maxStorage    
memberOf      
mhsORAddress      
middleName    
mobile    
modifyTimeStamp   
mS-DS-ConsistencyChildCount   
mS-DS-ConsistencyGuid     
mS-DS-CreatorSID      
msCOM-PartitionSetLink    
msCOM-UserLink    
msCOM-UserPartitionSetLink    
msDFSR-ComputerReferenceBL    
msDFSR-MemberReferenceBL      
msDRM-IdentityCertificate     
msDS-AllowedToDelegateTo      
msDS-Approx-Immed-Subordinates    
msDS-AuthenticatedAtDC    
msDS-AuthenticatedToAccountlist   
msDS-Cached-Membership    
msDS-Cached-Membership-Time-Stamp     
msDS-EnabledFeatureBL     
msDS-FailedInteractiveLogonCount      
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon     
msDS-HABSeniorityIndex    
msDS-HostServiceAccountBL     
msDS-IsDomainFor      
msDS-IsFullReplicaFor     
msDS-IsPartialReplicaFor      
msDS-KeyVersionNumber     
msDS-KrbTgtLinkBl     
msDS-LastFailedInteractiveLogonTime   
msDS-LastKnownRDN     
msDS-LastSuccessfulInteractiveLogonTime   
msDS-LocalEffectiveDeletionTime   
msDS-LocalEffectiveRecycleTime    
msDs-masteredBy   
msDS-MembersForAzRoleBL   
msDS-NC-RO-Replica-Locations-BL   
msDS-NCReplCursors    
msDS-NCReplInboundNeighbors   
msDS-NCReplOutboundNeighbors      
msDS-NcType   
msDS-NonMembersBL     
msDS-ObjectReferenceBL    
msDS-OIDToGroupLinkBl     
msDS-OperationsForAzRoleBL    
msDS-OperationsForAzTaskBL    
msDS-PhoneticCompanyName      
msDS-PhoneticDepartment   
msDS-PhoneticDisplayName      
msDS-PhoneticFirstName    
msDS-PhoneticLastName     
msDS-PrincipalName    
msDS-PSOApplied   
msDS-ReplAttributeMetaData    
msDS-ReplValueMetaData    
msDS-ResultantPSO     
msDS-RevealedDSAs     
msDS-RevealedListBL   
msDS-SecondaryKrbTgtNumber    
msDS-Site-Affinity    
msDS-SourceObjectDN   
msDS-SupportedEncryptionTypes     
msDS-TasksForAzRoleBL     
msDS-TasksForAzTaskBL     
msDS-User-Account-Control-Computed    
msDS-UserPasswordExpiryTimeComputed   
msExchAssistantName   
msExchHouseIdentifier     
msExchLabeledURI      
msIIS-FTPDir      
msIIS-FTPRoot     
mSMQDigests   
mSMQDigestsMig    
mSMQSignCertificates      
mSMQSignCertificatesMig   
msNPAllowDialin   
msNPCallingStationID      
msNPSavedCallingStationID     
msPKI-CredentialRoamingTokens     
msPKIAccountCredentials   
msPKIDPAPIMasterKeys      
msPKIRoamingTimeStamp     
msRADIUS-FramedInterfaceId    
msRADIUS-FramedIpv6Prefix     
msRADIUS-FramedIpv6Route      
msRADIUS-SavedFramedInterfaceId   
msRADIUS-SavedFramedIpv6Prefix    
msRADIUS-SavedFramedIpv6Route     
msRADIUSCallbackNumber    
msRADIUSFramedIPAddress   
msRADIUSFramedRoute   
msRADIUSServiceType   
msRASSavedCallbackNumber      
msRASSavedFramedIPAddress     
msRASSavedFramedRoute     
msSFU30Name   
msSFU30NisDomain      
msSFU30PosixMemberOf      
msTSAllowLogon    
msTSBrokenConnectionAction    
msTSConnectClientDrives   
msTSConnectPrinterDrives      
msTSDefaultToMainPrinter      
msTSExpireDate    
msTSExpireDate2   
msTSExpireDate3   
msTSExpireDate4   
msTSHomeDirectory     
msTSHomeDrive     
msTSInitialProgram    
msTSLicenseVersion    
msTSLicenseVersion2   
msTSLicenseVersion3   
msTSLicenseVersion4   
msTSLSProperty01      
msTSLSProperty02      
msTSManagingLS    
msTSManagingLS2   
msTSManagingLS3   
msTSManagingLS4   
msTSMaxConnectionTime     
msTSMaxDisconnectionTime      
msTSMaxIdleTime   
msTSPrimaryDesktop    
msTSProfilePath   
msTSProperty01    
msTSProperty02    
msTSReconnectionAction    
msTSRemoteControl     
msTSSecondaryDesktops     
msTSWorkDirectory     
name      
netbootSCPBL      
networkAddress    
nonSecurityMemberBL   
ntPwdHistory      
o     
objectGUID    
objectVersion     
operatorCount     
otherFacsimileTelephoneNumber     
otherHomePhone    
otherIpPhone      
otherLoginWorkstations    
otherMailbox      
otherMobile   
otherPager    
otherTelephone    
otherWellKnownObjects     
ou    
ownerBL   
pager     
partialAttributeDeletionList      
partialAttributeSet   
personalTitle     
photo     
physicalDeliveryOfficeName    
possibleInferiors     
postalAddress     
postalCode    
postOfficeBox     
preferredDeliveryMethod   
preferredLanguage     
preferredOU   
primaryGroupID    
primaryInternationalISDNNumber    
primaryTelexNumber    
profilePath   
proxiedObjectName     
proxyAddresses    
pwdLastSet    
queryPolicyBL     
registeredAddress     
replPropertyMetaData      
replUpToDateVector    
repsFrom      
repsTo    
revision      
rid   
roomNumber    
sAMAccountType    
scriptPath    
sDRightsEffective     
secretary     
securityIdentifier    
seeAlso   
serialNumber      
serverReferenceBL     
servicePrincipalName      
shadowExpire      
shadowFlag    
shadowInactive    
shadowLastChange      
shadowMax     
shadowMin     
shadowWarning     
showInAddressBook     
showInAdvancedViewOnly    
sIDHistory    
siteObjectBL      
sn    
st    
street    
streetAddress     
structuralObjectClass     
subRefs   
subSchemaSubEntry     
supplementalCredentials   
systemFlags   
telephoneNumber   
teletexTerminalIdentifier     
telexNumber   
terminalServer    
textEncodedORAddress      
thumbnailLogo     
thumbnailPhoto    
title     
tokenGroups   
tokenGroupsGlobalAndUniversal     
tokenGroupsNoGCAcceptable     
uid   
uidNumber     
unicodePwd    
unixHomeDirectory     
unixUserPassword      
url   
userAccountControl    
userCert      
userCertificate   
userParameters    
userPassword      
userPKCS12    
userPrincipalName     
userSharedFolder      
userSharedFolderOther     
userSMIMECertificate      
userWorkstations      
uSNChanged    
uSNCreated    
uSNDSALastObjRemoved      
USNIntersite      
uSNLastObjRem     
uSNSource     
wbemPath      
wellKnownObjects      
whenChanged   
whenCreated   
wWWHomePage   
x121Address   
x500uniqueIdentifier    

Clarification On Data Returned

(screenshots: userSchema, userProperties)

Dan asked Sep 20 '12 15:09


1 Answer

The list of attributes that are allowed to be modified for an object is stored in the attribute allowedAttributesEffective.

It will display the attributes for the security context under which the query was made.

Check out this blog post for some more information.

skutruger answered Oct 27 '22 18:10
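As an added example (not code from the question or the answer) of reading the attribute the answer names: it binds to a user object with the caller's current credentials, asks the DC for the constructed attributes allowedAttributes and allowedAttributesEffective, and separates what the caller may write from what it can only read. The distinguished name and the short watch list of attributes worth reviewing are this example's own assumptions, not something the page states.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;

// Added example; not code from the question or the answer. Assumes the process can
// bind to the domain with its current credentials and that the DN passed in exists.
public static class EffectiveAttributeAudit
{
    // allowedAttributes and allowedAttributesEffective are constructed attributes: the
    // DC computes them per request and does not store them, so they are not returned
    // by default and must be requested by name.
    private static IReadOnlyList<string> ReadConstructed(DirectoryEntry entry, string attribute)
    {
        entry.RefreshCache(new[] { attribute });
        return entry.Properties[attribute]
                    .Cast<object>()
                    .Select(v => (string)v)
                    .OrderBy(v => v, StringComparer.OrdinalIgnoreCase)
                    .ToList();
    }

    // Writable: attributes the *calling* security context may modify on this object
    // (the answer's allowedAttributesEffective). ReadOnly: attributes the object's
    // classes permit but this context cannot change (allowedAttributes minus Writable).
    public static (IReadOnlyList<string> Writable, IReadOnlyList<string> ReadOnly)
        GetAttributeSets(string objectDn)
    {
        using (var entry = new DirectoryEntry("LDAP://" + objectDn))
        {
            var all = ReadConstructed(entry, "allowedAttributes");
            var writable = ReadConstructed(entry, "allowedAttributesEffective");
            var readOnly = all.Except(writable, StringComparer.OrdinalIgnoreCase).ToList();
            return (writable, readOnly);
        }
    }

    // Attributes from the question's "user" list that control how an account
    // authenticates or what runs at logon. If a non-administrative context can write
    // any of them, the ACL granting that right deserves review. This watch list is the
    // example's own choice, not from the page.
    private static readonly string[] SensitiveWritable =
    {
        "userAccountControl", "servicePrincipalName", "msDS-AllowedToDelegateTo",
        "scriptPath", "altSecurityIdentities", "msDS-SupportedEncryptionTypes"
    };

    public static IReadOnlyList<string> FlagSensitive(IEnumerable<string> writable)
    {
        return writable.Intersect(SensitiveWritable, StringComparer.OrdinalIgnoreCase)
                       .OrderBy(v => v, StringComparer.OrdinalIgnoreCase)
                       .ToList();
    }

    public static void Main()
    {
        // Placeholder DN; substitute a real user object.
        const string dn = "CN=Jane Doe,OU=Users,DC=example,DC=com";
        var (writable, readOnly) = GetAttributeSets(dn);

        Console.WriteLine($"{writable.Count} attributes writable by {Environment.UserName}:");
        foreach (var a in writable) Console.WriteLine("  " + a);
        Console.WriteLine($"{readOnly.Count} attributes present but read-only in this context.");

        var flagged = FlagSensitive(writable);
        if (flagged.Count > 0)
            Console.WriteLine("Review write access granted to: " + string.Join(", ", flagged));
    }
}
```

Because the result depends on the security context of the caller, running this as an ordinary domain user and again as an administrator gives two different lists for the same object; that difference is exactly what the "Attribute Editor" reflects when it greys out fields, and comparing the two is a cheap way to spot delegated write rights on sensitive attributes that nobody intended to grant.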