User class

This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.

Entry Value
CN User
Ldap-Display-Name user
Update Privilege Domain administrator or account owner.
Update Frequency This record will be updated each time a new person joins or leaves the company.
Schema-Id-Guid bf967aba-0de6-11d0-a285-00aa003049e2

Implementations

Windows 2000 Server

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes Mail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
System-Flags 0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Canonical-Name False Top
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False Organizational-Person
Employee-ID False Organizational-Person
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
Generation-Qualifier False Organizational-Person
Given-Name False Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
Initials False Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
msRADIUSCallbackNumber False User
msRADIUSFramedIPAddress False User
msRADIUSFramedRoute False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False Organizational-Person
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
Security-Identifier False Security-Principal
See-Also False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
Unicode-Pwd False User
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
X509-Cert False User Mail-Recipient

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Windows 2000 Server Property Sets

This class contains the following property sets for Windows 2000 Server:

Windows Server 2003

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes Mail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
System-Flags 0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
Generation-Qualifier False Organizational-Person
Given-Name False User Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User Mail-Recipient
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Site-Affinity False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
msRADIUSCallbackNumber False User
msRADIUSFramedIPAddress False User
msRADIUSFramedRoute False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
roomNumber False User
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
secretary False User Mail-Recipient
Security-Identifier False Security-Principal
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
uid False User
Unicode-Pwd False User
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User Mail-Recipient

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Windows Server 2003 Property Sets

This class contains the following property sets for Windows Server 2003:

Windows Server 2003 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
System-Flags 0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
posixAccount
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
posixAccount
shadowAccount
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gecos False posixAccount
Generation-Qualifier False Organizational-Person
gidNumber False posixAccount
Given-Name False User Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User posixAccount
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User Mail-Recipient
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
loginShell False posixAccount
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
msRADIUSCallbackNumber False User
msRADIUSFramedIPAddress False User
msRADIUSFramedRoute False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
roomNumber False User
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
secretary False User Mail-Recipient
Security-Identifier False Security-Principal
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
shadowExpire False shadowAccount
shadowFlag False shadowAccount
shadowInactive False shadowAccount
shadowLastChange False shadowAccount
shadowMax False shadowAccount
shadowMin False shadowAccount
shadowWarning False shadowAccount
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
uid False User posixAccount
shadowAccount
uidNumber False posixAccount
Unicode-Pwd False User
unixHomeDirectory False posixAccount
unixUserPassword False posixAccount
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
posixAccount
shadowAccount
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User Mail-Recipient

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Windows Server 2003 R2 Property Sets

This class contains the following property sets for Windows Server 2003 R2:

Windows Server 2008

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags 0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
posixAccount
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
posixAccount
shadowAccount
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gecos False posixAccount
Generation-Qualifier False Organizational-Person
gidNumber False posixAccount
Given-Name False User Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User posixAccount
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
jpegPhoto False User
labeledURI False User Mail-Recipient
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
loginShell False posixAccount
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
Mail-Recipient
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
roomNumber False User
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
secretary False User Mail-Recipient
Security-Identifier False Security-Principal
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
shadowExpire False shadowAccount
shadowFlag False shadowAccount
shadowInactive False shadowAccount
shadowLastChange False shadowAccount
shadowMax False shadowAccount
shadowMin False shadowAccount
shadowWarning False shadowAccount
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
uid False User posixAccount
shadowAccount
uidNumber False posixAccount
Unicode-Pwd False User
unixHomeDirectory False posixAccount
unixUserPassword False posixAccount
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
posixAccount
shadowAccount
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User Mail-Recipient

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Windows Server 2008 Property Sets

This class contains the following property sets for Windows Server 2008:

Windows Server 2008 R2

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags 0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
posixAccount
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
posixAccount
shadowAccount
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gecos False posixAccount
Generation-Qualifier False Organizational-Person
gidNumber False posixAccount
Given-Name False User Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User posixAccount
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
jpegPhoto False User
labeledURI False User Mail-Recipient
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
loginShell False posixAccount
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Enabled-Feature-BL False Top
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Known-RDN False Top
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
Mail-Recipient
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-Credential-Roaming-Tokens False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Primary-Desktop False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Secondary-Desktops False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
roomNumber False User
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
secretary False User Mail-Recipient
Security-Identifier False Security-Principal
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
shadowExpire False shadowAccount
shadowFlag False shadowAccount
shadowInactive False shadowAccount
shadowLastChange False shadowAccount
shadowMax False shadowAccount
shadowMin False shadowAccount
shadowWarning False shadowAccount
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
uid False User posixAccount
shadowAccount
uidNumber False posixAccount
Unicode-Pwd False User
unixHomeDirectory False posixAccount
unixUserPassword False posixAccount
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
posixAccount
shadowAccount
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User Mail-Recipient

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Windows Server 2008 R2 Property Sets

This class contains the following property sets for Windows Server 2008 R2:

Windows Server 2012

Entry Value
System-Only False
Object-Category 1
Default-Object-Category Person
Governs-Id 1.2.840.113556.1.5.9
Default-Hiding-Value 0
Rdn-Att-Id Common-Name
Subclass of Organizational-Person
Possible Superiors Domain-DNSOrganizational-UnitBuiltin-Domain
Auxiliary Classes posixAccountshadowAccountMail-Recipient (System)Security-Principal (System)
NT-Security-Descriptor O:BAG:BAD:S:
Default Security Descriptor D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
System-Flags 0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute Mandatory Derived from
Account-Expires False User
Account-Name-History False Security-Principal
ACS-Policy-Name False User
Address False Organizational-Person
Address-Home False User Organizational-Person
Admin-Count False User
Admin-Description False Top
Admin-Display-Name False Top
Allowed-Attributes False Top
Allowed-Attributes-Effective False Top
Allowed-Child-Classes False Top
Allowed-Child-Classes-Effective False Top
Alt-Security-Identities False Security-Principal
Assistant False Organizational-Person
attributeCertificateAttribute False Person
audio False User
Bad-Password-Time False User
Bad-Pwd-Count False User
Bridgehead-Server-List-BL False Top
Business-Category False User
Canonical-Name False Top
carLicense False User
Code-Page False User
Comment False Mail-Recipient
Common-Name True Person
Mail-Recipient
Top
posixAccount
Company False Organizational-Person
Control-Access-Rights False User
Country-Code False Organizational-Person
Country-Name False Organizational-Person
Create-Time-Stamp False Top
DBCS-Pwd False User
Default-Class-Store False User
Department False Organizational-Person
departmentNumber False User
Description False Top
posixAccount
shadowAccount
Desktop-Profile False User
Destination-Indicator False Organizational-Person
Display-Name False User Top
Display-Name-Printable False Top
Division False Organizational-Person
DSA-Signature False Top
DS-Core-Propagation-Data False Top
Dynamic-LDAP-Server False User
E-mail-Addresses False User Organizational-Person
Employee-ID False Organizational-Person
Employee-Number False User
Employee-Type False User
Extension-Name False Top
Facsimile-Telephone-Number False Organizational-Person
Flags False Top
From-Entry False Top
Frs-Computer-Reference-BL False Top
FRS-Member-Reference-BL False Top
FSMO-Role-Owner False Top
Garbage-Coll-Period False Mail-Recipient
gecos False posixAccount
Generation-Qualifier False Organizational-Person
gidNumber False posixAccount
Given-Name False User Organizational-Person
Group-Membership-SAM False User
Group-Priority False User
Groups-to-Ignore False User
Home-Directory False User posixAccount
Home-Drive False User
houseIdentifier False Organizational-Person
Initials False User Organizational-Person
Instance-Type True Top
International-ISDN-Number False Organizational-Person
Is-Critical-System-Object False Top
Is-Deleted False Top
Is-Member-Of-DL False Top
Is-Privilege-Holder False Top
Is-Recycled False Top
jpegPhoto False User
labeledURI False User Mail-Recipient
Last-Known-Parent False Top
Last-Logoff False User
Last-Logon False User
Last-Logon-Timestamp False User
Legacy-Exchange-DN False Mail-Recipient
Lm-Pwd-History False User
Locale-ID False User
Locality-Name False Organizational-Person
Lockout-Time False User
loginShell False posixAccount
Logo False Organizational-Person
Logon-Count False User
Logon-Hours False User
Logon-Workstation False User
Managed-Objects False Top
Manager False User Organizational-Person
Mastered-By False Top
Max-Storage False User
MHS-OR-Address False Organizational-Person
Modify-Time-Stamp False Top
ms-COM-PartitionSetLink False Top
ms-COM-UserLink False Top
ms-COM-UserPartitionSetLink False User
ms-DFSR-ComputerReferenceBL False Top
ms-DFSR-MemberReferenceBL False Top
MS-DRM-Identity-Certificate False User
ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity False Organizational-Person
ms-DS-Allowed-To-Delegate-To False Organizational-Person
ms-DS-Approx-Immed-Subordinates False Top
ms-DS-AuthenticatedAt-DC False User
ms-DS-AuthenticatedTo-Accountlist False Top
ms-DS-Cached-Membership False User
ms-DS-Cached-Membership-Time-Stamp False User
ms-DS-Claim-Shares-Possible-Values-With-BL False Top
MS-DS-Consistency-Child-Count False Top
MS-DS-Consistency-Guid False Top
MS-DS-Creator-SID False User
ms-DS-Enabled-Feature-BL False Top
ms-DS-Failed-Interactive-Logon-Count False User
ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon False User
ms-DS-GeoCoordinates-Altitude False Mail-Recipient
ms-DS-GeoCoordinates-Latitude False Mail-Recipient
ms-DS-GeoCoordinates-Longitude False Mail-Recipient
ms-DS-HAB-Seniority-Index False Organizational-Person
ms-DS-Host-Service-Account-BL False Top
ms-DS-Is-Domain-For False Top
ms-DS-Is-Full-Replica-For False Top
ms-DS-Is-Partial-Replica-For False Top
ms-DS-Is-Primary-Computer-For False Top
ms-DS-KeyVersionNumber False Security-Principal
ms-DS-KrbTgt-Link-BL False Top
ms-DS-Last-Failed-Interactive-Logon-Time False User
ms-DS-Last-Known-RDN False Top
ms-DS-Last-Successful-Interactive-Logon-Time False User
ms-DS-local-Effective-Deletion-Time False Top
ms-DS-local-Effective-Recycle-Time False Top
ms-DS-Mastered-By False Top
ms-DS-Members-For-Az-Role-BL False Top
ms-DS-Members-Of-Resource-Property-List-BL False Top
ms-DS-NC-Repl-Cursors False Top
ms-DS-NC-Repl-Inbound-Neighbors False Top
ms-DS-NC-Repl-Outbound-Neighbors False Top
ms-DS-NC-RO-Replica-Locations-BL False Top
ms-DS-NC-Type False Top
ms-DS-Non-Members-BL False Top
ms-DS-Object-Reference-BL False Top
ms-DS-OIDToGroup-Link-BL False Top
ms-DS-Operations-For-Az-Role-BL False Top
ms-DS-Operations-For-Az-Task-BL False Top
ms-DS-Phonetic-Company-Name False Organizational-Person
ms-DS-Phonetic-Department False Organizational-Person
ms-DS-Phonetic-Display-Name False Organizational-Person
Mail-Recipient
ms-DS-Phonetic-First-Name False Organizational-Person
ms-DS-Phonetic-Last-Name False Organizational-Person
ms-DS-Primary-Computer False User
ms-DS-Principal-Name False Top
ms-DS-PSO-Applied False Top
ms-DS-Repl-Attribute-Meta-Data False Top
ms-DS-Repl-Value-Meta-Data False Top
ms-DS-Resultant-PSO False User
ms-DS-Revealed-DSAs False Top
ms-DS-Revealed-List-BL False Top
ms-DS-Secondary-KrbTgt-Number False User
ms-DS-Site-Affinity False User
ms-DS-Source-Object-DN False User
ms-DS-Supported-Encryption-Types False User
ms-DS-Tasks-For-Az-Role-BL False Top
ms-DS-Tasks-For-Az-Task-BL False Top
ms-DS-TDO-Egress-BL False Top
ms-DS-TDO-Ingress-BL False Top
ms-DS-User-Account-Control-Computed False User
ms-DS-User-Password-Expiry-Time-Computed False User
ms-DS-Value-Type-Reference-BL False Top
ms-Exch-Assistant-Name False Mail-Recipient
ms-Exch-House-Identifier False Organizational-Person
ms-Exch-LabeledURI False Mail-Recipient
ms-Exch-Owner-BL False Top
ms-IIS-FTP-Dir False User
ms-IIS-FTP-Root False User
MSMQ-Digests False User
MSMQ-Digests-Mig False User
MSMQ-Sign-Certificates False User
MSMQ-Sign-Certificates-Mig False User
msNPAllowDialin False User
msNPCallingStationID False User
msNPSavedCallingStationID False User
ms-PKI-AccountCredentials False User
ms-PKI-Credential-Roaming-Tokens False User
ms-PKI-DPAPIMasterKeys False User
ms-PKI-RoamingTimeStamp False User
msRADIUSCallbackNumber False User
ms-RADIUS-FramedInterfaceId False User
msRADIUSFramedIPAddress False User
ms-RADIUS-FramedIpv6Prefix False User
ms-RADIUS-FramedIpv6Route False User
msRADIUSFramedRoute False User
ms-RADIUS-SavedFramedInterfaceId False User
ms-RADIUS-SavedFramedIpv6Prefix False User
ms-RADIUS-SavedFramedIpv6Route False User
msRADIUSServiceType False User
msRASSavedCallbackNumber False User
msRASSavedFramedIPAddress False User
msRASSavedFramedRoute False User
msSFU-30-Name False User
msSFU-30-Nis-Domain False User
msSFU-30-Posix-Member-Of False Top
ms-TS-Allow-Logon False User
ms-TS-Broken-Connection-Action False User
ms-TS-Connect-Client-Drives False User
ms-TS-Connect-Printer-Drives False User
ms-TS-Default-To-Main-Printer False User
MS-TS-ExpireDate False User
MS-TS-ExpireDate2 False User
MS-TS-ExpireDate3 False User
MS-TS-ExpireDate4 False User
ms-TS-Home-Directory False User
ms-TS-Home-Drive False User
ms-TS-Initial-Program False User
MS-TS-LicenseVersion False User
MS-TS-LicenseVersion2 False User
MS-TS-LicenseVersion3 False User
MS-TS-LicenseVersion4 False User
MS-TSLS-Property01 False User
MS-TSLS-Property02 False User
MS-TS-ManagingLS False User
MS-TS-ManagingLS2 False User
MS-TS-ManagingLS3 False User
MS-TS-ManagingLS4 False User
ms-TS-Max-Connection-Time False User
ms-TS-Max-Disconnection-Time False User
ms-TS-Max-Idle-Time False User
ms-TS-Primary-Desktop False User
ms-TS-Profile-Path False User
MS-TS-Property01 False User
MS-TS-Property02 False User
ms-TS-Reconnection-Action False User
ms-TS-Remote-Control False User
ms-TS-Secondary-Desktops False User
ms-TS-Work-Directory False User
netboot-SCP-BL False Top
Network-Address False User
Non-Security-Member-BL False Top
Nt-Pwd-History False User
NT-Security-Descriptor True Top
Security-Principal
Obj-Dist-Name False Top
Object-Category True Top
Object-Class True Top
Object-Guid False Top
Object-Sid True Security-Principal
Object-Version False Top
Operator-Count False User
Organizational-Unit-Name False Organizational-Person
Organization-Name False User Organizational-Person
Other-Login-Workstations False User
Other-Mailbox False Organizational-Person
Other-Name False Organizational-Person
Other-Well-Known-Objects False Top
Partial-Attribute-Deletion-List False Top
Partial-Attribute-Set False Top
Personal-Title False Organizational-Person
Phone-Fax-Other False Organizational-Person
Phone-Home-Other False Organizational-Person
Phone-Home-Primary False User Organizational-Person
Phone-Ip-Other False Organizational-Person
Phone-Ip-Primary False Organizational-Person
Phone-ISDN-Primary False Organizational-Person
Phone-Mobile-Other False Organizational-Person
Phone-Mobile-Primary False User Organizational-Person
Phone-Office-Other False Organizational-Person
Phone-Pager-Other False Organizational-Person
Phone-Pager-Primary False User Organizational-Person
photo False User
Physical-Delivery-Office-Name False Organizational-Person
Picture False Organizational-Person
Possible-Inferiors False Top
Postal-Address False Organizational-Person
Postal-Code False Organizational-Person
Post-Office-Box False Organizational-Person
Preferred-Delivery-Method False Organizational-Person
preferredLanguage False User
Preferred-OU False User
Primary-Group-ID False User
Profile-Path False User
Proxied-Object-Name False Top
Proxy-Addresses False Top
Pwd-Last-Set False User
Query-Policy-BL False Top
RDN False Top
Registered-Address False Organizational-Person
Repl-Property-Meta-Data False Top
Repl-UpToDate-Vector False Top
Reports False Top
Reps-From False Top
Reps-To False Top
Revision False Top
Rid False Security-Principal
roomNumber False User
SAM-Account-Name True Security-Principal
SAM-Account-Type False Security-Principal
Script-Path False User
SD-Rights-Effective False Top
secretary False User Mail-Recipient
Security-Identifier False Security-Principal
See-Also False Person
Serial-Number False Person
Server-Reference-BL False Top
Service-Principal-Name False User
shadowExpire False shadowAccount
shadowFlag False shadowAccount
shadowInactive False shadowAccount
shadowLastChange False shadowAccount
shadowMax False shadowAccount
shadowMin False shadowAccount
shadowWarning False shadowAccount
Show-In-Address-Book False Mail-Recipient
Show-In-Advanced-View-Only False Top
SID-History False Security-Principal
Site-Object-BL False Top
State-Or-Province-Name False Organizational-Person
Street-Address False Organizational-Person
Structural-Object-Class False Top
Sub-Refs False Top
SubSchemaSubEntry False Top
Supplemental-Credentials False Security-Principal
Surname False Person
System-Flags False Top
Telephone-Number False Person
Mail-Recipient
Teletex-Terminal-Identifier False Organizational-Person
Telex-Number False Organizational-Person
Telex-Primary False Organizational-Person
Terminal-Server False User
Text-Country False Organizational-Person
Text-Encoded-OR-Address False Mail-Recipient
Title False Organizational-Person
Token-Groups False Security-Principal
Token-Groups-Global-And-Universal False Security-Principal
Token-Groups-No-GC-Acceptable False Security-Principal
uid False User posixAccount
shadowAccount
uidNumber False posixAccount
Unicode-Pwd False User
unixHomeDirectory False posixAccount
unixUserPassword False posixAccount
User-Account-Control False User
User-Cert False Mail-Recipient
User-Comment False Organizational-Person
User-Parameters False User
User-Password False Person
posixAccount
shadowAccount
userPKCS12 False User
User-Principal-Name False User
User-Shared-Folder False User
User-Shared-Folder-Other False User
User-SMIME-Certificate False User Mail-Recipient
User-Workstations False User
USN-Changed False Top
USN-Created False Top
USN-DSA-Last-Obj-Removed False Top
USN-Intersite False Top
USN-Last-Obj-Rem False Top
USN-Source False Top
Wbem-Path False Top
Well-Known-Objects False Top
When-Changed False Top
When-Created False Top
WWW-Home-Page False Top
WWW-Page-Other False Top
X121-Address False Organizational-Person
x500uniqueIdentifier False User
X509-Cert False User Mail-Recipient

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Windows Server 2012 Property Sets

This class contains the following property sets for Windows Server 2012: