ms-PKI-Key-Recovery-Agent class

One key recovery agent (KRA) object instance is created for each installed Cert Server (with a unique common name) during cert server setup. If two CAs were given the same common name during CA setup, they will share a single KRA object instance.

| Entry | Value |
| --- | --- |
| CN | ms-PKI-Key-Recovery-Agent |
| Ldap-Display-Name | msPKI-Key-Recovery-Agent |
| Update Privilege | An admin installing a CA will need to be able to create a KRA instance in the KRA container. Installed cert servers need to be able to update the userCertificate attribute. |
| Update Frequency | A few certificates will be added at most every few months. |
| Schema-Id-Guid | 26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb |

Implementations

Windows Server 2003

| Entry | Value |
| --- | --- |
| System-Only | False |
| Object-Category | 1 |
| Default-Object-Category | - |
| Governs-Id | 1.2.840.113556.1.5.195 |
| Default-Hiding-Value | 1 |
| Rdn-Att-Id | Common-Name |
| Subclass of | User |
| Possible Superiors | Container |
| Auxiliary Classes | - |
| NT-Security-Descriptor | O:BAG:BAD:S: |
| Default Security Descriptor | D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) |
| System-Flags | 0x00000010 |

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Account-Expires False User
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User, Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Common-Name True Person, Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User, Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User, Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Generation-Qualifier False Organizational-Person
Given-Name False User, Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User, Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User, Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Site-Affinity False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
msRADIUSCallbackNumber False User
msRADIUSFramedIPAddress False User
msRADIUSFramedRoute False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User, Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User, Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User, Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User, Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
roomNumber False User
Script-Path False User
SD-Rights-Effective False Top
secretary False User
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Surname False Person
System-Flags False Top
Telephone-Number False Person
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Title False Organizational-Person
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User

Windows Server 2003 R2

| Entry | Value |
| --- | --- |
| System-Only | False |
| Object-Category | 1 |
| Default-Object-Category | - |
| Governs-Id | 1.2.840.113556.1.5.195 |
| Default-Hiding-Value | 1 |
| Rdn-Att-Id | Common-Name |
| Subclass of | User |
| Possible Superiors | Container |
| Auxiliary Classes | - |
| NT-Security-Descriptor | O:BAG:BAD:S: |
| Default Security Descriptor | D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) |
| System-Flags | 0x00000010 |

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Account-Expires False User
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User, Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Common-Name True Person, Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User, Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User, Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Generation-Qualifier False Organizational-Person
Given-Name False User, Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User, Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User, Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
msRADIUSCallbackNumber False User
msRADIUSFramedIPAddress False User
msRADIUSFramedRoute False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User, Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User, Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User, Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User, Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
roomNumber False User
Script-Path False User
SD-Rights-Effective False Top
secretary False User
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Surname False Person
System-Flags False Top
Telephone-Number False Person
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Title False Organizational-Person
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User

Windows Server 2008

| Entry | Value |
| --- | --- |
| System-Only | False |
| Object-Category | 1 |
| Default-Object-Category | - |
| Governs-Id | 1.2.840.113556.1.5.195 |
| Default-Hiding-Value | 1 |
| Rdn-Att-Id | Common-Name |
| Subclass of | User |
| Possible Superiors | Container |
| Auxiliary Classes | - |
| NT-Security-Descriptor | O:BAG:BAD:S: |
| Default Security Descriptor | D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) |
| System-Flags | 0x00000010 |

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Account-Expires False User
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User, Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Common-Name True Person, Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User, Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User, Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Generation-Qualifier False Organizational-Person
Given-Name False User, Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User, Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User, Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User, Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User, Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User, Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User, Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
roomNumber False User
Script-Path False User
SD-Rights-Effective False Top
secretary False User
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Surname False Person
System-Flags False Top
Telephone-Number False Person
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Title False Organizational-Person
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User

Windows Server 2008 R2

| Entry | Value |
| --- | --- |
| System-Only | False |
| Object-Category | 1 |
| Default-Object-Category | - |
| Governs-Id | 1.2.840.113556.1.5.195 |
| Default-Hiding-Value | 1 |
| Rdn-Att-Id | Common-Name |
| Subclass of | User |
| Possible Superiors | Container |
| Auxiliary Classes | - |
| NT-Security-Descriptor | O:BAG:BAD:S: |
| Default Security Descriptor | D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) |
| System-Flags | 0x00000010 |

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Account-Expires False User
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User, Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Common-Name True Person, Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User, Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User, Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Generation-Qualifier False Organizational-Person
Given-Name False User, Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User, Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
jpegPhoto False User
labeledURI False User
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User, Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Enabled-Feature-BL False Top
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Known-RDN False Top
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-Credential-Roaming-Tokens False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Primary-Desktop False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Secondary-Desktops False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User, Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User, Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User, Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User, Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
roomNumber False User
Script-Path False User
SD-Rights-Effective False Top
secretary False User
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Surname False Person
System-Flags False Top
Telephone-Number False Person
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Title False Organizational-Person
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User

Windows Server 2012

Entry Value
System-Only False
Object-Category 1
Default-Object-Category -
Governs-Id 1.2.840.113556.1.5.195
Default-Hiding-Value 1
Rdn-Att-Id Common-Name
Subclass of User
Possible Superiors Container
Auxiliary Classes -
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Account-Expires False User
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User, Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Common-Name True Person, Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User, Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User, Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Generation-Qualifier False Organizational-Person
Given-Name False User, Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User, Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
jpegPhoto False User
labeledURI False User
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User, Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity False Organizational-Person
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Enabled-Feature-BL False Top
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Known-RDN False Top
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Primary-Computer False User
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-Credential-Roaming-Tokens False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Primary-Desktop False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Secondary-Desktops False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User, Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User, Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User, Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User, Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
roomNumber False User
Script-Path False User
SD-Rights-Effective False Top
secretary False User
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Advanced-View-Only False Top
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Surname False Person
System-Flags False Top
Telephone-Number False Person
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Title False Organizational-Person
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User