63 out of 70 rated this helpful - Rate this topic

User class

Applies to: desktop apps only

This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.

CN	User
Ldap-Display-Name	user
Update Privilege	Domain administrator or account owner.
Update Frequency	This record will be updated each time a new person joins or leaves the company.
Schema-Id-Guid	bf967aba-0de6-11d0-a285-00aa003049e2

Windows 2000 Server

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	Mail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
System-Flags	0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	Organizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTop
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
Description	False	Top
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	Top
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	Organizational-Person
Employee-ID	False	Organizational-Person
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
Generation-Qualifier	False	Organizational-Person
Given-Name	False	Organizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	User
Home-Drive	False	User
Initials	False	Organizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	Organizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
msRADIUSCallbackNumber	False	User
msRADIUSFramedIPAddress	False	User
msRADIUSFramedRoute	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	Organizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	Organizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	Organizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	Organizational-Person
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
Security-Identifier	False	Security-Principal
See-Also	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
Unicode-Pwd	False	User
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	Person
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	Mail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
X509-Cert	False	UserMail-Recipient

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As

Windows 2000 Server Property Sets

This class contains the following property sets for Windows 2000 Server:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information

Windows Server 2003

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	Mail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
System-Flags	0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	UserOrganizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
attributeCertificateAttribute	False	Person
audio	False	User
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Business-Category	False	User
Canonical-Name	False	Top
carLicense	False	User
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTop
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
departmentNumber	False	User
Description	False	Top
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	UserTop
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	UserOrganizational-Person
Employee-ID	False	Organizational-Person
Employee-Number	False	User
Employee-Type	False	User
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
Generation-Qualifier	False	Organizational-Person
Given-Name	False	UserOrganizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	User
Home-Drive	False	User
houseIdentifier	False	Organizational-Person
Initials	False	UserOrganizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
jpegPhoto	False	User
labeledURI	False	UserMail-Recipient
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Last-Logon-Timestamp	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	UserOrganizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-COM-UserPartitionSetLink	False	User
MS-DRM-Identity-Certificate	False	User
ms-DS-Allowed-To-Delegate-To	False	Organizational-Person
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-Cached-Membership	False	User
ms-DS-Cached-Membership-Time-Stamp	False	User
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
ms-DS-KeyVersionNumber	False	Security-Principal
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Site-Affinity	False	User
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-User-Account-Control-Computed	False	User
ms-Exch-Assistant-Name	False	Mail-Recipient
ms-Exch-House-Identifier	False	Organizational-Person
ms-Exch-LabeledURI	False	Mail-Recipient
ms-Exch-Owner-BL	False	Top
ms-IIS-FTP-Dir	False	User
ms-IIS-FTP-Root	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
msRADIUSCallbackNumber	False	User
msRADIUSFramedIPAddress	False	User
msRADIUSFramedRoute	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	UserOrganizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	UserOrganizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	UserOrganizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	UserOrganizational-Person
photo	False	User
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
preferredLanguage	False	User
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
roomNumber	False	User
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
secretary	False	UserMail-Recipient
Security-Identifier	False	Security-Principal
See-Also	False	Person
Serial-Number	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
uid	False	User
Unicode-Pwd	False	User
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	Person
userPKCS12	False	User
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	UserMail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
x500uniqueIdentifier	False	User
X509-Cert	False	UserMail-Recipient

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As
Allowed-To-Authenticate

Windows Server 2003 Property Sets

This class contains the following property sets for Windows Server 2003:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information

Windows Server 2003 R2

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
System-Flags	0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	UserOrganizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
attributeCertificateAttribute	False	Person
audio	False	User
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Business-Category	False	User
Canonical-Name	False	Top
carLicense	False	User
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTopposixAccount
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
departmentNumber	False	User
Description	False	TopposixAccountshadowAccount
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	UserTop
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	UserOrganizational-Person
Employee-ID	False	Organizational-Person
Employee-Number	False	User
Employee-Type	False	User
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
gecos	False	posixAccount
Generation-Qualifier	False	Organizational-Person
gidNumber	False	posixAccount
Given-Name	False	UserOrganizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	UserposixAccount
Home-Drive	False	User
houseIdentifier	False	Organizational-Person
Initials	False	UserOrganizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
jpegPhoto	False	User
labeledURI	False	UserMail-Recipient
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Last-Logon-Timestamp	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
loginShell	False	posixAccount
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	UserOrganizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-COM-UserPartitionSetLink	False	User
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
MS-DRM-Identity-Certificate	False	User
ms-DS-Allowed-To-Delegate-To	False	Organizational-Person
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-Cached-Membership	False	User
ms-DS-Cached-Membership-Time-Stamp	False	User
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
ms-DS-KeyVersionNumber	False	Security-Principal
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Site-Affinity	False	User
ms-DS-Source-Object-DN	False	User
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-User-Account-Control-Computed	False	User
ms-Exch-Assistant-Name	False	Mail-Recipient
ms-Exch-House-Identifier	False	Organizational-Person
ms-Exch-LabeledURI	False	Mail-Recipient
ms-Exch-Owner-BL	False	Top
ms-IIS-FTP-Dir	False	User
ms-IIS-FTP-Root	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
msRADIUSCallbackNumber	False	User
msRADIUSFramedIPAddress	False	User
msRADIUSFramedRoute	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
msSFU-30-Name	False	User
msSFU-30-Nis-Domain	False	User
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	UserOrganizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	UserOrganizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	UserOrganizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	UserOrganizational-Person
photo	False	User
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
preferredLanguage	False	User
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
roomNumber	False	User
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
secretary	False	UserMail-Recipient
Security-Identifier	False	Security-Principal
See-Also	False	Person
Serial-Number	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
uid	False	UserposixAccountshadowAccount
uidNumber	False	posixAccount
Unicode-Pwd	False	User
unixHomeDirectory	False	posixAccount
unixUserPassword	False	posixAccount
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	PersonposixAccountshadowAccount
userPKCS12	False	User
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	UserMail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
x500uniqueIdentifier	False	User
X509-Cert	False	UserMail-Recipient

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As
Allowed-To-Authenticate

Windows Server 2003 R2 Property Sets

This class contains the following property sets for Windows Server 2003 R2:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information

Windows Server 2008

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags	0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	UserOrganizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
attributeCertificateAttribute	False	Person
audio	False	User
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Business-Category	False	User
Canonical-Name	False	Top
carLicense	False	User
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTopposixAccount
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
departmentNumber	False	User
Description	False	TopposixAccountshadowAccount
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	UserTop
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	UserOrganizational-Person
Employee-ID	False	Organizational-Person
Employee-Number	False	User
Employee-Type	False	User
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
gecos	False	posixAccount
Generation-Qualifier	False	Organizational-Person
gidNumber	False	posixAccount
Given-Name	False	UserOrganizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	UserposixAccount
Home-Drive	False	User
houseIdentifier	False	Organizational-Person
Initials	False	UserOrganizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
jpegPhoto	False	User
labeledURI	False	UserMail-Recipient
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Last-Logon-Timestamp	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
loginShell	False	posixAccount
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	UserOrganizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-COM-UserPartitionSetLink	False	User
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
MS-DRM-Identity-Certificate	False	User
ms-DS-Allowed-To-Delegate-To	False	Organizational-Person
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedAt-DC	False	User
ms-DS-AuthenticatedTo-Accountlist	False	Top
ms-DS-Cached-Membership	False	User
ms-DS-Cached-Membership-Time-Stamp	False	User
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
ms-DS-Failed-Interactive-Logon-Count	False	User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon	False	User
ms-DS-HAB-Seniority-Index	False	Organizational-Person
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KeyVersionNumber	False	Security-Principal
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Failed-Interactive-Logon-Time	False	User
ms-DS-Last-Successful-Interactive-Logon-Time	False	User
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Phonetic-Company-Name	False	Organizational-Person
ms-DS-Phonetic-Department	False	Organizational-Person
ms-DS-Phonetic-Display-Name	False	Organizational-PersonMail-Recipient
ms-DS-Phonetic-First-Name	False	Organizational-Person
ms-DS-Phonetic-Last-Name	False	Organizational-Person
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Resultant-PSO	False	User
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Secondary-KrbTgt-Number	False	User
ms-DS-Site-Affinity	False	User
ms-DS-Source-Object-DN	False	User
ms-DS-Supported-Encryption-Types	False	User
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-User-Account-Control-Computed	False	User
ms-DS-User-Password-Expiry-Time-Computed	False	User
ms-Exch-Assistant-Name	False	Mail-Recipient
ms-Exch-House-Identifier	False	Organizational-Person
ms-Exch-LabeledURI	False	Mail-Recipient
ms-Exch-Owner-BL	False	Top
ms-IIS-FTP-Dir	False	User
ms-IIS-FTP-Root	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
ms-PKI-AccountCredentials	False	User
ms-PKI-DPAPIMasterKeys	False	User
ms-PKI-RoamingTimeStamp	False	User
msRADIUSCallbackNumber	False	User
ms-RADIUS-FramedInterfaceId	False	User
msRADIUSFramedIPAddress	False	User
ms-RADIUS-FramedIpv6Prefix	False	User
ms-RADIUS-FramedIpv6Route	False	User
msRADIUSFramedRoute	False	User
ms-RADIUS-SavedFramedInterfaceId	False	User
ms-RADIUS-SavedFramedIpv6Prefix	False	User
ms-RADIUS-SavedFramedIpv6Route	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
msSFU-30-Name	False	User
msSFU-30-Nis-Domain	False	User
msSFU-30-Posix-Member-Of	False	Top
ms-TS-Allow-Logon	False	User
ms-TS-Broken-Connection-Action	False	User
ms-TS-Connect-Client-Drives	False	User
ms-TS-Connect-Printer-Drives	False	User
ms-TS-Default-To-Main-Printer	False	User
MS-TS-ExpireDate	False	User
MS-TS-ExpireDate2	False	User
MS-TS-ExpireDate3	False	User
MS-TS-ExpireDate4	False	User
ms-TS-Home-Directory	False	User
ms-TS-Home-Drive	False	User
ms-TS-Initial-Program	False	User
MS-TS-LicenseVersion	False	User
MS-TS-LicenseVersion2	False	User
MS-TS-LicenseVersion3	False	User
MS-TS-LicenseVersion4	False	User
MS-TSLS-Property01	False	User
MS-TSLS-Property02	False	User
MS-TS-ManagingLS	False	User
MS-TS-ManagingLS2	False	User
MS-TS-ManagingLS3	False	User
MS-TS-ManagingLS4	False	User
ms-TS-Max-Connection-Time	False	User
ms-TS-Max-Disconnection-Time	False	User
ms-TS-Max-Idle-Time	False	User
ms-TS-Profile-Path	False	User
MS-TS-Property01	False	User
MS-TS-Property02	False	User
ms-TS-Reconnection-Action	False	User
ms-TS-Remote-Control	False	User
ms-TS-Work-Directory	False	User
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	UserOrganizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	UserOrganizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	UserOrganizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	UserOrganizational-Person
photo	False	User
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
preferredLanguage	False	User
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
roomNumber	False	User
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
secretary	False	UserMail-Recipient
Security-Identifier	False	Security-Principal
See-Also	False	Person
Serial-Number	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
uid	False	UserposixAccountshadowAccount
uidNumber	False	posixAccount
Unicode-Pwd	False	User
unixHomeDirectory	False	posixAccount
unixUserPassword	False	posixAccount
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	PersonposixAccountshadowAccount
userPKCS12	False	User
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	UserMail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
x500uniqueIdentifier	False	User
X509-Cert	False	UserMail-Recipient

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As
Allowed-To-Authenticate

Windows Server 2008 Property Sets

This class contains the following property sets for Windows Server 2008:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information
Private-Information
Terminal-Server-License-Server

Windows Server 2008 R2

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags	0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	UserOrganizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
attributeCertificateAttribute	False	Person
audio	False	User
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Business-Category	False	User
Canonical-Name	False	Top
carLicense	False	User
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTopposixAccount
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
departmentNumber	False	User
Description	False	TopposixAccountshadowAccount
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	UserTop
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	UserOrganizational-Person
Employee-ID	False	Organizational-Person
Employee-Number	False	User
Employee-Type	False	User
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
gecos	False	posixAccount
Generation-Qualifier	False	Organizational-Person
gidNumber	False	posixAccount
Given-Name	False	UserOrganizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	UserposixAccount
Home-Drive	False	User
houseIdentifier	False	Organizational-Person
Initials	False	UserOrganizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
jpegPhoto	False	User
labeledURI	False	UserMail-Recipient
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Last-Logon-Timestamp	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
loginShell	False	posixAccount
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	UserOrganizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-COM-UserPartitionSetLink	False	User
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
MS-DRM-Identity-Certificate	False	User
ms-DS-Allowed-To-Delegate-To	False	Organizational-Person
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedAt-DC	False	User
ms-DS-AuthenticatedTo-Accountlist	False	Top
ms-DS-Cached-Membership	False	User
ms-DS-Cached-Membership-Time-Stamp	False	User
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Failed-Interactive-Logon-Count	False	User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon	False	User
ms-DS-HAB-Seniority-Index	False	Organizational-Person
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KeyVersionNumber	False	Security-Principal
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Failed-Interactive-Logon-Time	False	User
ms-DS-Last-Known-RDN	False	Top
ms-DS-Last-Successful-Interactive-Logon-Time	False	User
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Phonetic-Company-Name	False	Organizational-Person
ms-DS-Phonetic-Department	False	Organizational-Person
ms-DS-Phonetic-Display-Name	False	Organizational-PersonMail-Recipient
ms-DS-Phonetic-First-Name	False	Organizational-Person
ms-DS-Phonetic-Last-Name	False	Organizational-Person
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Resultant-PSO	False	User
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Secondary-KrbTgt-Number	False	User
ms-DS-Site-Affinity	False	User
ms-DS-Source-Object-DN	False	User
ms-DS-Supported-Encryption-Types	False	User
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-User-Account-Control-Computed	False	User
ms-DS-User-Password-Expiry-Time-Computed	False	User
ms-Exch-Assistant-Name	False	Mail-Recipient
ms-Exch-House-Identifier	False	Organizational-Person
ms-Exch-LabeledURI	False	Mail-Recipient
ms-Exch-Owner-BL	False	Top
ms-IIS-FTP-Dir	False	User
ms-IIS-FTP-Root	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
ms-PKI-AccountCredentials	False	User
ms-PKI-Credential-Roaming-Tokens	False	User
ms-PKI-DPAPIMasterKeys	False	User
ms-PKI-RoamingTimeStamp	False	User
msRADIUSCallbackNumber	False	User
ms-RADIUS-FramedInterfaceId	False	User
msRADIUSFramedIPAddress	False	User
ms-RADIUS-FramedIpv6Prefix	False	User
ms-RADIUS-FramedIpv6Route	False	User
msRADIUSFramedRoute	False	User
ms-RADIUS-SavedFramedInterfaceId	False	User
ms-RADIUS-SavedFramedIpv6Prefix	False	User
ms-RADIUS-SavedFramedIpv6Route	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
msSFU-30-Name	False	User
msSFU-30-Nis-Domain	False	User
msSFU-30-Posix-Member-Of	False	Top
ms-TS-Allow-Logon	False	User
ms-TS-Broken-Connection-Action	False	User
ms-TS-Connect-Client-Drives	False	User
ms-TS-Connect-Printer-Drives	False	User
ms-TS-Default-To-Main-Printer	False	User
MS-TS-ExpireDate	False	User
MS-TS-ExpireDate2	False	User
MS-TS-ExpireDate3	False	User
MS-TS-ExpireDate4	False	User
ms-TS-Home-Directory	False	User
ms-TS-Home-Drive	False	User
ms-TS-Initial-Program	False	User
MS-TS-LicenseVersion	False	User
MS-TS-LicenseVersion2	False	User
MS-TS-LicenseVersion3	False	User
MS-TS-LicenseVersion4	False	User
MS-TSLS-Property01	False	User
MS-TSLS-Property02	False	User
MS-TS-ManagingLS	False	User
MS-TS-ManagingLS2	False	User
MS-TS-ManagingLS3	False	User
MS-TS-ManagingLS4	False	User
ms-TS-Max-Connection-Time	False	User
ms-TS-Max-Disconnection-Time	False	User
ms-TS-Max-Idle-Time	False	User
ms-TS-Primary-Desktop	False	User
ms-TS-Profile-Path	False	User
MS-TS-Property01	False	User
MS-TS-Property02	False	User
ms-TS-Reconnection-Action	False	User
ms-TS-Remote-Control	False	User
ms-TS-Secondary-Desktops	False	User
ms-TS-Work-Directory	False	User
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	UserOrganizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	UserOrganizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	UserOrganizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	UserOrganizational-Person
photo	False	User
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
preferredLanguage	False	User
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
roomNumber	False	User
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
secretary	False	UserMail-Recipient
Security-Identifier	False	Security-Principal
See-Also	False	Person
Serial-Number	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
uid	False	UserposixAccountshadowAccount
uidNumber	False	posixAccount
Unicode-Pwd	False	User
unixHomeDirectory	False	posixAccount
unixUserPassword	False	posixAccount
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	PersonposixAccountshadowAccount
userPKCS12	False	User
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	UserMail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
x500uniqueIdentifier	False	User
X509-Cert	False	UserMail-Recipient

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As
Allowed-To-Authenticate

Windows Server 2008 R2 Property Sets

This class contains the following property sets for Windows Server 2008 R2:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information
Private-Information
Terminal-Server-License-Server

Windows Server 8 Beta

Attributes
Extended Rights
Property Sets

System-Only	False
Object-Category	1
Default-Object-Category	Person
Governs-Id	1.2.840.113556.1.5.9
Default-Hiding-Value	0
Rdn-Att-Id	Common-Name
Subclass of	Organizational-Person
Possible Superiors	Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes	posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags	0x00000010

Windows Server 8 Beta Attributes

This class contains the following attributes for Windows Server 8 Beta:

Attribute	Mandatory	Derived from
Account-Expires	False	User
Account-Name-History	False	Security-Principal
ACS-Policy-Name	False	User
Address	False	Organizational-Person
Address-Home	False	UserOrganizational-Person
Admin-Count	False	User
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Alt-Security-Identities	False	Security-Principal
Assistant	False	Organizational-Person
attributeCertificateAttribute	False	Person
audio	False	User
Bad-Password-Time	False	User
Bad-Pwd-Count	False	User
Bridgehead-Server-List-BL	False	Top
Business-Category	False	User
Canonical-Name	False	Top
carLicense	False	User
Code-Page	False	User
Comment	False	Mail-Recipient
Common-Name	True	PersonMail-RecipientTopposixAccount
Company	False	Organizational-Person
Control-Access-Rights	False	User
Country-Code	False	Organizational-Person
Country-Name	False	Organizational-Person
Create-Time-Stamp	False	Top
DBCS-Pwd	False	User
Default-Class-Store	False	User
Department	False	Organizational-Person
departmentNumber	False	User
Description	False	TopposixAccountshadowAccount
Desktop-Profile	False	User
Destination-Indicator	False	Organizational-Person
Display-Name	False	UserTop
Display-Name-Printable	False	Top
Division	False	Organizational-Person
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Dynamic-LDAP-Server	False	User
E-mail-Addresses	False	UserOrganizational-Person
Employee-ID	False	Organizational-Person
Employee-Number	False	User
Employee-Type	False	User
Extension-Name	False	Top
Facsimile-Telephone-Number	False	Organizational-Person
Flags	False	Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Garbage-Coll-Period	False	Mail-Recipient
gecos	False	posixAccount
Generation-Qualifier	False	Organizational-Person
gidNumber	False	posixAccount
Given-Name	False	UserOrganizational-Person
Group-Membership-SAM	False	User
Group-Priority	False	User
Groups-to-Ignore	False	User
Home-Directory	False	UserposixAccount
Home-Drive	False	User
houseIdentifier	False	Organizational-Person
Initials	False	UserOrganizational-Person
Instance-Type	True	Top
International-ISDN-Number	False	Organizational-Person
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
jpegPhoto	False	User
labeledURI	False	UserMail-Recipient
Last-Known-Parent	False	Top
Last-Logoff	False	User
Last-Logon	False	User
Last-Logon-Timestamp	False	User
Legacy-Exchange-DN	False	Mail-Recipient
Lm-Pwd-History	False	User
Locale-ID	False	User
Locality-Name	False	Organizational-Person
Lockout-Time	False	User
loginShell	False	posixAccount
Logo	False	Organizational-Person
Logon-Count	False	User
Logon-Hours	False	User
Logon-Workstation	False	User
Managed-Objects	False	Top
Manager	False	UserOrganizational-Person
Mastered-By	False	Top
Max-Storage	False	User
MHS-OR-Address	False	Organizational-Person
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-COM-UserPartitionSetLink	False	User
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
MS-DRM-Identity-Certificate	False	User
ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity	False	Organizational-Person
ms-DS-Allowed-To-Delegate-To	False	Organizational-Person
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedAt-DC	False	User
ms-DS-AuthenticatedTo-Accountlist	False	Top
ms-DS-Cached-Membership	False	User
ms-DS-Cached-Membership-Time-Stamp	False	User
ms-DS-Claim-Shares-Possible-Values-With-BL	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
MS-DS-Creator-SID	False	User
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Failed-Interactive-Logon-Count	False	User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon	False	User
ms-DS-GeoCoordinates-Altitude	False	Mail-Recipient
ms-DS-GeoCoordinates-Latitude	False	Mail-Recipient
ms-DS-GeoCoordinates-Longitude	False	Mail-Recipient
ms-DS-HAB-Seniority-Index	False	Organizational-Person
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-Is-Primary-Computer-For	False	Top
ms-DS-KeyVersionNumber	False	Security-Principal
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Failed-Interactive-Logon-Time	False	User
ms-DS-Last-Known-RDN	False	Top
ms-DS-Last-Successful-Interactive-Logon-Time	False	User
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-Members-Of-Resource-Property-List-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Phonetic-Company-Name	False	Organizational-Person
ms-DS-Phonetic-Department	False	Organizational-Person
ms-DS-Phonetic-Display-Name	False	Organizational-PersonMail-Recipient
ms-DS-Phonetic-First-Name	False	Organizational-Person
ms-DS-Phonetic-Last-Name	False	Organizational-Person
ms-DS-Primary-Computer	False	User
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Resultant-PSO	False	User
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Secondary-KrbTgt-Number	False	User
ms-DS-Site-Affinity	False	User
ms-DS-Source-Object-DN	False	User
ms-DS-Supported-Encryption-Types	False	User
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-TDO-Egress-BL	False	Top
ms-DS-TDO-Ingress-BL	False	Top
ms-DS-User-Account-Control-Computed	False	User
ms-DS-User-Password-Expiry-Time-Computed	False	User
ms-DS-Value-Type-Reference-BL	False	Top
ms-Exch-Assistant-Name	False	Mail-Recipient
ms-Exch-House-Identifier	False	Organizational-Person
ms-Exch-LabeledURI	False	Mail-Recipient
ms-Exch-Owner-BL	False	Top
ms-IIS-FTP-Dir	False	User
ms-IIS-FTP-Root	False	User
MSMQ-Digests	False	User
MSMQ-Digests-Mig	False	User
MSMQ-Sign-Certificates	False	User
MSMQ-Sign-Certificates-Mig	False	User
msNPAllowDialin	False	User
msNPCallingStationID	False	User
msNPSavedCallingStationID	False	User
ms-PKI-AccountCredentials	False	User
ms-PKI-Credential-Roaming-Tokens	False	User
ms-PKI-DPAPIMasterKeys	False	User
ms-PKI-RoamingTimeStamp	False	User
msRADIUSCallbackNumber	False	User
ms-RADIUS-FramedInterfaceId	False	User
msRADIUSFramedIPAddress	False	User
ms-RADIUS-FramedIpv6Prefix	False	User
ms-RADIUS-FramedIpv6Route	False	User
msRADIUSFramedRoute	False	User
ms-RADIUS-SavedFramedInterfaceId	False	User
ms-RADIUS-SavedFramedIpv6Prefix	False	User
ms-RADIUS-SavedFramedIpv6Route	False	User
msRADIUSServiceType	False	User
msRASSavedCallbackNumber	False	User
msRASSavedFramedIPAddress	False	User
msRASSavedFramedRoute	False	User
msSFU-30-Name	False	User
msSFU-30-Nis-Domain	False	User
msSFU-30-Posix-Member-Of	False	Top
ms-TS-Allow-Logon	False	User
ms-TS-Broken-Connection-Action	False	User
ms-TS-Connect-Client-Drives	False	User
ms-TS-Connect-Printer-Drives	False	User
ms-TS-Default-To-Main-Printer	False	User
MS-TS-ExpireDate	False	User
MS-TS-ExpireDate2	False	User
MS-TS-ExpireDate3	False	User
MS-TS-ExpireDate4	False	User
ms-TS-Home-Directory	False	User
ms-TS-Home-Drive	False	User
ms-TS-Initial-Program	False	User
MS-TS-LicenseVersion	False	User
MS-TS-LicenseVersion2	False	User
MS-TS-LicenseVersion3	False	User
MS-TS-LicenseVersion4	False	User
MS-TSLS-Property01	False	User
MS-TSLS-Property02	False	User
MS-TS-ManagingLS	False	User
MS-TS-ManagingLS2	False	User
MS-TS-ManagingLS3	False	User
MS-TS-ManagingLS4	False	User
ms-TS-Max-Connection-Time	False	User
ms-TS-Max-Disconnection-Time	False	User
ms-TS-Max-Idle-Time	False	User
ms-TS-Primary-Desktop	False	User
ms-TS-Profile-Path	False	User
MS-TS-Property01	False	User
MS-TS-Property02	False	User
ms-TS-Reconnection-Action	False	User
ms-TS-Remote-Control	False	User
ms-TS-Secondary-Desktops	False	User
ms-TS-Work-Directory	False	User
netboot-SCP-BL	False	Top
Network-Address	False	User
Non-Security-Member-BL	False	Top
Nt-Pwd-History	False	User
NT-Security-Descriptor	True	TopSecurity-Principal
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Sid	True	Security-Principal
Object-Version	False	Top
Operator-Count	False	User
Organizational-Unit-Name	False	Organizational-Person
Organization-Name	False	UserOrganizational-Person
Other-Login-Workstations	False	User
Other-Mailbox	False	Organizational-Person
Other-Name	False	Organizational-Person
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
Personal-Title	False	Organizational-Person
Phone-Fax-Other	False	Organizational-Person
Phone-Home-Other	False	Organizational-Person
Phone-Home-Primary	False	UserOrganizational-Person
Phone-Ip-Other	False	Organizational-Person
Phone-Ip-Primary	False	Organizational-Person
Phone-ISDN-Primary	False	Organizational-Person
Phone-Mobile-Other	False	Organizational-Person
Phone-Mobile-Primary	False	UserOrganizational-Person
Phone-Office-Other	False	Organizational-Person
Phone-Pager-Other	False	Organizational-Person
Phone-Pager-Primary	False	UserOrganizational-Person
photo	False	User
Physical-Delivery-Office-Name	False	Organizational-Person
Picture	False	Organizational-Person
Possible-Inferiors	False	Top
Postal-Address	False	Organizational-Person
Postal-Code	False	Organizational-Person
Post-Office-Box	False	Organizational-Person
Preferred-Delivery-Method	False	Organizational-Person
preferredLanguage	False	User
Preferred-OU	False	User
Primary-Group-ID	False	User
Profile-Path	False	User
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Pwd-Last-Set	False	User
Query-Policy-BL	False	Top
RDN	False	Top
Registered-Address	False	Organizational-Person
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
Rid	False	Security-Principal
roomNumber	False	User
SAM-Account-Name	True	Security-Principal
SAM-Account-Type	False	Security-Principal
Script-Path	False	User
SD-Rights-Effective	False	Top
secretary	False	UserMail-Recipient
Security-Identifier	False	Security-Principal
See-Also	False	Person
Serial-Number	False	Person
Server-Reference-BL	False	Top
Service-Principal-Name	False	User
shadowExpire	False	shadowAccount
shadowFlag	False	shadowAccount
shadowInactive	False	shadowAccount
shadowLastChange	False	shadowAccount
shadowMax	False	shadowAccount
shadowMin	False	shadowAccount
shadowWarning	False	shadowAccount
Show-In-Address-Book	False	Mail-Recipient
Show-In-Advanced-View-Only	False	Top
SID-History	False	Security-Principal
Site-Object-BL	False	Top
State-Or-Province-Name	False	Organizational-Person
Street-Address	False	Organizational-Person
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
Supplemental-Credentials	False	Security-Principal
Surname	False	Person
System-Flags	False	Top
Telephone-Number	False	PersonMail-Recipient
Teletex-Terminal-Identifier	False	Organizational-Person
Telex-Number	False	Organizational-Person
Telex-Primary	False	Organizational-Person
Terminal-Server	False	User
Text-Country	False	Organizational-Person
Text-Encoded-OR-Address	False	Mail-Recipient
Title	False	Organizational-Person
Token-Groups	False	Security-Principal
Token-Groups-Global-And-Universal	False	Security-Principal
Token-Groups-No-GC-Acceptable	False	Security-Principal
uid	False	UserposixAccountshadowAccount
uidNumber	False	posixAccount
Unicode-Pwd	False	User
unixHomeDirectory	False	posixAccount
unixUserPassword	False	posixAccount
User-Account-Control	False	User
User-Cert	False	Mail-Recipient
User-Comment	False	Organizational-Person
User-Parameters	False	User
User-Password	False	PersonposixAccountshadowAccount
userPKCS12	False	User
User-Principal-Name	False	User
User-Shared-Folder	False	User
User-Shared-Folder-Other	False	User
User-SMIME-Certificate	False	UserMail-Recipient
User-Workstations	False	User
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top
X121-Address	False	Organizational-Person
x500uniqueIdentifier	False	User
X509-Cert	False	UserMail-Recipient

Windows Server 8 Beta Extended Rights

This class contains the following extended rights for Windows Server 8 Beta:

Common Name
User-Change-Password
User-Force-Change-Password
Send-As
Receive-As
Allowed-To-Authenticate

Windows Server 8 Beta Property Sets

This class contains the following property sets for Windows Server 8 Beta:

Common Name
General-Information
User-Account-Restrictions
User-Logon
Membership
Personal-Information
Email-Information
Web-Information
Public-Information
RAS-Information
Private-Information
Terminal-Server-License-Server

Send comments about this topic to Microsoft

Build date: 2/3/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ