Mapping Between IADsUser Properties and Active Directory Attributes

When applicable, a property of ADSI user object is mapped to an appropriate Active Directory attribute. The ADSI user object properties are associated with the IADsUser property methods.

The following table lists the mapping between the IADsUser properties for the LDAP provider and the corresponding Active Directory attribute.

IADsUser propertyActive Directory attribute
AccountDisabled ADS_UF_ACCOUNTDISABLE flag in the userAccountControl attribute.
AccountExpirationDate accountExpires
BadLoginAddress Not Supported.
BadLoginCount badPwdCount
Department department
Description description
Division division
EmailAddress mail
EmployeeID employeeID
FaxNumber facsimileTelephoneNumber
FirstName givenName
FullName displayName
GraceLoginsAllowed Not Supported.
GraceLoginsRemaining Not Supported.
HomeDirectory homeDirectory
HomePage wWWHomePage
IsAccountLocked lockoutTime
Languages Not Supported.
LastFailedLogin badPasswordTime
LastLogin lastLogon
LastLogoff lastLogoff
LastName sn
LoginHours logonHours
LoginScript scriptPath
LoginWorkstations userWorkstations
Manager manager
MaxLogins Not Supported.
MaxStorage maxStorage
NamePrefix personalTitle
NameSuffix generationQualifier
OfficeLocations physicalDeliveryOfficeName
OtherName middleName
PasswordExpirationDate Set using Group Policy Editor*
PasswordLastChanged pwdLastSet
PasswordMinimumLength Set using Group Policy Editor*
PasswordRequired ADS_UF_PASSWD_NOTREQD flag in the userAccountControl attribute.
Picture thumbnailPhoto
PostalAddresses postalAddress
PostalCodes postalCode
Profile profilePath
RequireUniquePassword Set using Group Policy Editor*
SeeAlso seeAlso
TelephoneHome homePhone
TelephoneMobile mobile
TelephoneNumber telephoneNumber
TelephonePager pager
Title title
* For Windows 2000, group policy objects cannot be scripted; use the Microsoft Management Console snap-in to set them.

 

 

 

Show:
© 2014 Microsoft