List Active Directory User Attribute OID's

rr-4098 1,836 Reputation points
2024-01-17T19:18:24.73+00:00

We are setting up ADFS to connect with an external vendor. The "names" they use for account attributes do not line up with AD, so they sent us the OIDs of the objects they accept. One of the OIDs they sent comes up as "userID" when I searched online, but what does this line up to in AD? When I looked up the OID for SaMAccount it seems to have a different OID. Is there a way to list the OIDs of each attribute on a user account?


Accepted answer
  1. Marius Ene 340 Reputation points
    2024-01-18T03:54:24.3533333+00:00

    You can use the AD schema snap-in from mmc.exe.
    You might need to register Schmmgmt.dll:

    1. Click Start, and then click Run.
    2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
    3. Click OK when you receive the message that the operation succeeded.

    Here is the user id attribute OID: 0.9.2342.19200300.100.1.1

    There might be some scripts out there to retrieve what you want but with the MMC you should be fine.


2 additional answers

  1. JimmySalian-2011 42,241 Reputation points
    2024-01-17T19:31:33.0233333+00:00

    Hi,

    They could be referring to a custom attribute in AD, however you can check the complete list of AD Attributes over here https://learn.microsoft.com/en-us/windows/win32/adschema/attributes-all.

    Hope this helps. JS

    == Please Accept the answer if the information helped you. This will help us and others in the community as well.


  2. Ian Xue 39,286 Reputation points Microsoft Vendor
    2024-01-18T04:59:35.2933333+00:00

    Hi rr-4098,

    The Attribute-Id in the attribute list given by JimmySalian-2011 is the same as the OID. You can try a PowerShell script like the one below to list the OIDs of the attributes of a user account. Replace $User with your user name.

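    # Account to inspect
    $User = "test"
    # Distinguished name of the schema partition
    $SchemaPath = (Get-ADRootDSE).schemaNamingContext
    # For each property name returned for the user, find the schema object with
    # that lDAPDisplayName and show its attributeID (the OID)
    (Get-ADUser $User -Properties *).PSObject.Properties.Name | ForEach-Object {
        Get-ADObject -SearchBase $SchemaPath -Filter 'lDAPDisplayName -eq $_' -Properties lDAPDisplayName,attributeID | Select-Object -Property lDAPDisplayName,attributeID
    }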

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
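
The reverse lookup the question asks for (vendor-supplied OID to AD attribute name), as an added example that is not part of any answer above. It assumes the ActiveDirectory module (RSAT) and read access to the schema partition; the function name `Resolve-AttributeOid` is hypothetical.

```powershell
# Added example: map OIDs received from a vendor back to AD schema attributes.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Resolve-AttributeOid {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Oid
    )
    begin {
        # Distinguished name of the schema partition for this forest
        $schemaNC = (Get-ADRootDSE).schemaNamingContext
    }
    process {
        foreach ($o in $Oid) {
            # Accept only dotted-decimal OIDs so that nothing else from an
            # externally supplied list can end up inside the LDAP filter.
            if ($o -notmatch '^\d+(\.\d+)+$') {
                Write-Warning "Skipping '$o': not a dotted-decimal OID"
                continue
            }
            $attr = Get-ADObject -SearchBase $schemaNC `
                -LDAPFilter "(&(objectClass=attributeSchema)(attributeID=$o))" `
                -Properties lDAPDisplayName, attributeID, isSingleValued

            # An OID with no schema match is still emitted, with empty name
            # columns, so attributes that do not exist in this forest stand out.
            [pscustomobject]@{
                Oid             = $o
                lDAPDisplayName = $attr.lDAPDisplayName
                CommonName      = $attr.Name
                SingleValued    = $attr.isSingleValued
            }
        }
    }
}

# First OID is the one quoted in the accepted answer; the second is the
# attributeID of sAMAccountName, included for comparison.
'0.9.2342.19200300.100.1.1', '1.2.840.113556.1.4.221' |
    Resolve-AttributeOid |
    Format-Table -AutoSize
```

Compare the `lDAPDisplayName` column with the LDAP attribute names available in the ADFS claim rule to choose the attribute that backs each claim the vendor expects.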

