This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 51%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE8%3C/text%3E%3C/svg%3E)
Hi,
I am looking for a way to query and set specific computer account attributes in Active Directory without using the LDAP protocol. Currently, I am using the DRSUAPI protocol to set the servicePrincipalName property. However, I couldn't find an alternative protocol (other than LDAP) to query the value of msDS-KeyVersionNumber or to set the value of msDS-SupportedEncryptionTypes.
Is there another protocol that can be used to query and set these specific attributes?
Thank you for your assistance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 81%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETJ%3C/text%3E%3C/svg%3E)
Hi E-8437,
Thanks for you request regarding msDS-KeyVersionNumber and msDS-SupportedEncryptionTypes. One of the Open Specifications team members will respond to assist you.
Best regards,
Tom Jebo
Microsoft Open Specifications Support
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOF%3C/text%3E%3C/svg%3E)
Hi E-8437:
Currently LDAP is the only way to set/query the attributes you mentioned.
Legacy protocols like MS-SAMR are not being enhanced to account for new attributes in AD.
Please let me know if this does not answer your question.
Regards,
Obaid Farooqi -MSFT