3.1.1.3 Attribute Listing

  • Article

The following attributes are referenced by this protocol (listed by ldapDisplayName). For a normative description of the syntax, see [MS-ADA1], [MS-ADA2], and [MS-ADA3].

  • accountExpires

  • badPasswordTime

  • badPwdCount

  • codePage

  • countryCode

  • dBCSPwd

  • description

  • displayName

  • domainReplica

  • forceLogoff

  • groupType

  • homeDirectory

  • homeDrive

  • memberOf

  • lastLogoff

  • lastLogon

  • lmPwdHistory

  • lockOutObservationWindow

  • lockoutDuration

  • lockoutThreshold

  • lockoutTime

  • logonCount

  • logonHours

  • maxPwdAge

  • member

  • minPwdAge

  • minPwdLength

  • mS-DS-CreatorSID

  • mS-DS-MachineAccountQuota

  • msDS-LockoutObservationWindow

  • msDS-LockoutDuration

  • msDS-LockoutThreshold

  • msDS-MaximumPasswordAge

  • msDS-MinimumPasswordAge

  • msDS-MinimumPasswordLength

  • msDS-PasswordComplexityEnabled

  • msDS-PasswordHistoryLength

  • msDS-PasswordReversibleEncryptionEnabled

  • ntPwdHistory

  • nTSecurityDescriptor

  • objectClass

  • objectSid

  • oEMInformation

  • primaryGroupID

  • profilePath

  • pwdHistoryLength

  • pwdLastSet

  • pwdProperties

  • rIDAllocationPool

  • rIDPreviousAllocationPool

  • rIDSetReferences

  • sAMAccountName

  • sAMAccountType

  • scriptPath

  • serverState

  • supplementalCredentials

  • uASCompat

  • unicodePwd

  • userAccountControl

  • comment

  • userParameters

  • userWorkstations

  • objectClass

  • clearTextPassword*

*This attribute is not directly persisted. It has triggers that are applied when an update occurs that, in turn, can update other attributes. As such, it is not found in the Active Directory schema.