3.1.1.3.1.1.3 Attributes

Sections 5.1 through 5.4 of [RFC2252], as well as section 5 of [RFC2256] and section 2 of [RFC2798], define a set of attributes common to LDAP directories. Additionally, portions of the Active Directory schema are derived from [RFC1274] and [RFC2307]. The following tables show, for each of these RFCs, the attributes that are either included in the Active Directory default schemas of Windows Server 2003 operating system and later, or present as readable attributes of the rootDSE of Windows 2000 operating system and later DCs (both AD DS and AD LDS). Some of these attributes were added to the schema of Windows Server 2003 or Windows Server 2003 R2 operating system but were not present in the Windows 2000 schema; [MS-ADA1], [MS-ADA2], [MS-ADA3], and [MS-ADLS] specify the attributes included in each version of the schema. For more information about rootDSE attributes, which are not part of the schema, see section 3.1.1.3.2.

RFC 1274

| Attribute | Included by AD DS? | Included by AD LDS? |
|---|---|---|
| objectClass | Yes | Yes |
| knowledgeInformation | Yes | No |
| serialNumber | Yes | Yes |
| streetAddress | Yes | Yes |
| title | Yes | Yes |
| description | Yes | Yes |
| searchGuide | Yes | Yes |
| businessCategory | Yes | Yes |
| postalAddress | Yes | Yes |
| postalCode | Yes | Yes |
| postOfficeBox | Yes | Yes |
| physicalDeliveryOfficeName | Yes | Yes |
| telephoneNumber | Yes | Yes |
| telexNumber | Yes | Yes |
| teletexTerminalIdentifier | Yes | Yes |
| facsimileTelephoneNumber | Yes | Yes |
| x121Address | Yes | Yes |
| internationalISDNNumber | Yes | Yes |
| registeredAddress | Yes | Yes |
| destinationIndicator | Yes | Yes |
| preferredDeliveryMethod | Yes | Yes |
| presentationAddress | Yes | No |
| supportedApplicationContext | Yes | No |
| member | Yes | Yes |
| owner | Yes | Yes |
| roleOccupant | Yes | No |
| seeAlso | Yes | Yes |
| userPassword | Yes* | Yes* |
| userCertificate | Yes | Yes |
| cACertificate | Yes | No |
| authorityRevocationList | Yes | No |
| certificateRevocationList | Yes | No |
| crossCertificatePair | Yes | No |
| textEncodedORAddress | Yes | No |
| roomNumber | Yes | Yes |
| photo | Yes | Yes |
| userClass | Yes | No |
| host | Yes | No |
| manager | Yes | Yes |
| documentIdentifier | Yes | No |
| documentTitle | Yes | No |
| documentVersion | Yes | No |
| documentAuthor | Yes | No |
| documentLocation | Yes | No |
| secretary | Yes | Yes |
| otherMailbox | Yes | No |
| associatedDomain | Yes | No |
| associatedName | Yes | No |
| homePostalAddress | Yes | Yes |
| personalTitle | Yes | Yes |
| organizationalStatus | Yes | No |
| buildingName | Yes | No |
| audio | Yes | Yes |
| documentPublisher | Yes | No |
| aliasedObjectName | No | No |
| commonName | No | No |
| surname | No | No |
| countryName | No | No |
| localityName | No | No |
| stateOrProvinceName | No | No |
| organizationName | No | No |
| mhsDeliverableContentLength | No | No |
| mhsDeliverableContentTypes | No | No |
| mhsDeliverableEits | No | No |
| mhsDLMembers | No | No |
| mhsDLSubmitPermissions | No | No |
| mhsMessageStoreName | No | No |
| mhsORAddresses | No | No |
| mhsPreferredDeliveryMethods | No | No |
| mhsSupportedAutomaticActions | No | No |
| mhsSupportedContentTypes | No | No |
| mhsSupportedOptionalAttributes | No | No |
| userid | No | No |
| rfc822Mailbox | No | No |
| info | No | No |
| favouriteDrink | No | No |
| homeTelephoneNumber | No | No |
| lastModifiedTime | No | No |
| lastModifiedBy | No | No |
| domainComponent | No | No |
| aRecord | No | No |
| mXRecord | No | No |
| nSRecord | No | No |
| sOARecord | No | No |
| cNAMERecord | No | No |
| mobileTelephoneNumber | No | No |
| pagerTelephoneNumber | No | No |
| friendlyCountryName | No | No |
| uniqueIdentifier | No | No |
| janetMailbox | No | No |
| mailPreferenceOption | No | No |
| dSAQuality | No | No |
| singleLevelQuality | No | No |
| subtreeMinimumQuality | No | No |
| subtreeMaximumQuality | No | No |
| personalSignature | No | No |
| dITRedirect | No | No |

* Active Directory uses the userPassword attribute to set or change passwords only in limited circumstances. See section 3.1.1.3.1.5.

RFC 2252

| Attribute | Included by AD DS? | Included by AD LDS? |
|---|---|---|
| createTimeStamp | Yes | Yes |
| modifyTimeStamp | Yes | Yes |
| subSchemaSubEntry | Yes | Yes |
| attributeTypes | Yes | Yes |
| objectClasses | Yes | Yes |
| namingContexts | Yes | Yes |
| supportedExtension | Yes | Yes |
| supportedControl | Yes | Yes |
| supportedSASLMechanisms | Yes | Yes |
| supportedLDAPVersion | Yes | Yes |
| dITContentRules | Yes | Yes |
| creatorsName | No | No |
| modifiersName | No | No |
| matchingRules | No | No |
| matchingRulesUse | No | No |
| altServer | No | No |
| ldapSyntaxes | No | No |
| dITStructureRules | No | No |
| nameForms | No | No |

RFC 2256

| Attribute | Included by AD DS? | Included by AD LDS? |
|---|---|---|
| objectClass | Yes | Yes |
| knowledgeInformation | Yes | No |
| cn | Yes | Yes |
| sn | Yes | Yes |
| serialNumber | Yes | Yes |
| c | Yes | Yes |
| l | Yes | Yes |
| st | Yes | Yes |
| street | Yes | Yes |
| o | Yes | Yes |
| ou | Yes | Yes |
| title | Yes | Yes |
| description | Yes | Yes |
| searchGuide | Yes | Yes |
| businessCategory | Yes | Yes |
| postalAddress | Yes | Yes |
| postalCode | Yes | Yes |
| postOfficeBox | Yes | Yes |
| physicalDeliveryOfficeName | Yes | Yes |
| telephoneNumber | Yes | Yes |
| telexNumber | Yes | Yes |
| teletexTerminalIdentifier | Yes | Yes |
| facsimileTelephoneNumber | Yes | Yes |
| x121Address | Yes | Yes |
| internationalISDNNumber | Yes | Yes |
| registeredAddress | Yes | Yes |
| destinationIndicator | Yes | Yes |
| preferredDeliveryMethod | Yes | Yes |
| presentationAddress | Yes | No |
| supportedApplicationContext | Yes | No |
| member | Yes | Yes |
| owner | Yes | Yes |
| roleOccupant | Yes | No |
| seeAlso | Yes | Yes |
| userPassword | Yes* | Yes* |
| userCertificate | Yes | Yes |
| cACertificate | Yes | No |
| authorityRevocationList | Yes | No |
| certificateRevocationList | Yes | No |
| crossCertificatePair | Yes | No |
| name | Yes | Yes |
| givenName | Yes | Yes |
| initials | Yes | Yes |
| generationQualifier | Yes | Yes |
| x500uniqueIdentifier | Yes | Yes |
| distinguishedName | Yes | Yes |
| uniqueMember | Yes | Yes |
| houseIdentifier | Yes | No |
| deltaRevocationList | Yes | No |
| dmdName | Yes | Yes |
| aliasedObjectName | No | No |
| dnQualifier | No | No |
| protocolInformation | No | No |
| supportedAlgorithms | No | No |

* Active Directory uses the userPassword attribute to set or change passwords only in limited circumstances. See section 3.1.1.3.1.5.

RFC 2798

| Attribute | Included by AD DS? | Included by AD LDS? |
|---|---|---|
| carLicense | Yes | Yes |
| departmentNumber | Yes | Yes |
| displayName | Yes | Yes |
| employeeNumber | Yes | Yes |
| employeeType | Yes | Yes |
| jpegPhoto | Yes | Yes |
| preferredLanguage | Yes | Yes |
| userSMIMECertificate | Yes | Yes |
| userPKCS12 | Yes | Yes |

RFC 2307

| Attribute | Included by AD DS? | Included by AD LDS? |
|---|---|---|
| uidNumber | Yes | No |
| gidNumber | Yes | No |
| gecos | Yes | No |
| homeDirectory | Yes | No |
| loginShell | Yes | No |
| shadowLastChange | Yes | No |
| shadowMin | Yes | No |
| shadowMax | Yes | No |
| shadowWarning | Yes | No |
| shadowInactive | Yes | No |
| shadowExpire | Yes | No |
| shadowFlag | Yes | No |
| memberUid | Yes | No |
| memberNisNetgroup | Yes | No |
| nisNetgroupTriple | Yes | No |
| ipServicePort | Yes | No |
| ipServiceProtocol | Yes | No |
| ipProtocolNumber | Yes | No |
| oncRpcNumber | Yes | No |
| ipHostNumber | Yes | No |
| ipNetworkNumber | Yes | No |
| ipNetmaskNumber | Yes | No |
| macAddress | Yes | No |
| bootParameter | Yes | No |
| bootFile | Yes | No |
| nisMapName | Yes | No |
| nisMapEntry | Yes | No |