AD FastReporter - Available Fields


Choose a report category and browse all available fields

Account Disabled

LDAP name: useraccountcontrol
Description: The account is disabled.

Account Expires (Date)

LDAP name: accountexpires
Description: The date when the account expires. If this date is not empty then account will expire at end of this date. Therefore, account will be working in this date.

Account Expires (In Days/Hours)

LDAP name: accountexpires
Description: The days and hours when the account expires.

Account Never Expires

LDAP name: accountexpires
Description: This account will never expire.

Account Type

LDAP name: samaccounttype
Description: This attribute contains information about every account type object.

Address Home

LDAP name: homePostalAddress
Description: User's home address.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Admin-Count

LDAP name: admincount
Description: Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). Anyone with adminCount=1 is or was a privileged user of some sort.

Cannot Change Password

LDAP name: useraccountcontrol
Description: The user cannot change the password.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

City

LDAP name: l
Description: City

Common Name

LDAP name: cn
Description: The name that represents an object.

Company

LDAP name: company
Description: User's company name.

Country

LDAP name: co
Description: The country in which the user is located.

Country Code

LDAP name: countrycode
Description: Specifies the country/region code for the user's language of choice.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Department

LDAP name: department
Description: Contains the name of the department in which the user works.

Description

LDAP name: description
Description: Contains the description to display for an object.

Display Name

LDAP name: displayName
Description: Name displayed in the address book for a particular user. This is usually the combination of the user's first name, middle initial and last name.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Distribution Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Division

LDAP name: division
Description: User's division

Domain Local Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Don't Require Preauth

LDAP name: useraccountcontrol
Description: (Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logon.

Email

LDAP name: mail
Description: Email address.

Employee ID

LDAP name: employeeID
Description: ID of an employee.

Employee Type

LDAP name: employeeType
Description: Job category for an employee.

Fax

LDAP name: facsimileTelephoneNumber
Description: Fax.

First Name

LDAP name: givenname
Description: Contains the given name (first name) of the user.

Global Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (All)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Inherited/Parent)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Has Thumbnail Photo

LDAP name: thumbnailPhoto
Description: Has Thumbnail Photo.

Have Group Memberships

LDAP name: memberof
Description: Whether the user is a member of any group except the primary group.

Home Directory

LDAP name: homeDirectory
Description: The default home directory location that is mapped to the user's home directory. Useful to identify file servers quickly on the network, but be mindful of DFS (i.e. \domain\home\user vs \fileserver\home\user).

Home Directory Required

LDAP name: useraccountcontrol
Description: The home directory is required.

Home Drive

LDAP name: homeDrive
Description: Specifies the drive letter to which to map the UNC path specified by homeDirectory. Example, "H:".

House Identifier

LDAP name: houseIdentifier
Description: Specifies a linguistic construct used to identify a particular building, for example, a house number or house name relative to a street, avenue, town, city, and so on.

Initials

LDAP name: initials
Description: Contains the initials for parts of the user's full name. This may be used as the middle initial in the Windows Address Book.

Interdomain Trust Account

LDAP name: useraccountcontrol
Description: This is a permit to trust account for a system domain that trusts other domains.

IP phone

LDAP name: ipPhone
Description: IP phone.

Is Critical System Object

LDAP name: iscriticalsystemobject
Description: If TRUE, the object hosting this attribute must be replicated during installation of a new replica.

Is Domain Guest

LDAP name: primaryGroupId
Description: Is this user's primary group is Domain Guests.

Is Domain User

LDAP name: primaryGroupId
Description: Is this user's primary group is Domain Users.

Is Temp Duplicate Account

LDAP name: useraccountcontrol
Description: This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.

Last Bad Password Logon Attempt Time

LDAP name: badpasswordtime
Description: The last time and date that an attempt to log on to this account was made with a password that is not valid. This attribute is not replicated.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Last Logon DC

LDAP name: lastLogon
Description: The domain controller that authenticated this computer the last time it logged on to the network.

Last Logon Time

LDAP name: lastlogon
Description: The last time the user logged on.

Last Name

LDAP name: sn
Description: This attribute contains the family or last name for a user.

Locality Name

LDAP name: l
Description: Contains the locality, such as the town or city, in the user's address.

Locked Out

LDAP name: lockoutTime
Description: The account is currently locked out. Calculated by attribute lockoutTime value and Account Lockout Policy Account lockout duration setting.

Lockout Time

LDAP name: lockoutTime
Description: The date and time (UTC) that this account was locked out.

Logon Count

LDAP name: logoncount
Description: The number of times the account has successfully logged on.

Logon Name

LDAP name: samaccountname
Description: The username (the logon name used to support clients and servers running earlier versions of the operating system.)

Logon Script

LDAP name: scriptPath
Description: Logon Script.

Logon Script Executed

LDAP name: useraccountcontrol
Description: The logon script is executed.

Logon Workstations

LDAP name: userWorkstations
Description: Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. A comma separates each NetBIOS name.

Managed Accounts

Description: Managed Accounts.

Managed Accounts Count

Description: Managed Accounts Count.

Manager

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Account Type

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Description

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Mobile

LDAP name: mobile
Description: Mobile.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Must change password at next logon

LDAP name: pwdLastSet
Description: Must change password at next logon. pwdLastSet = 0.

Name

LDAP name: name
Description: Object name.

Network Access Permission

LDAP name: msNPAllowDialin
Description: Indicates whether the account has permission to dial in to the RAS server.

Not Delegated

LDAP name: useraccountcontrol
Description: The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.

Notes

LDAP name: info
Description: User's notes.

Number of Bad Password Logon Attempts

LDAP name: badpwdcount
Description: The number of times the user tried to log on to the account using an incorrect password. This number is taken from domain controller containing the latest bad password time.

Number of Groups (Direct)

LDAP name: memberof
Description: Count of direct group membership.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Office

LDAP name: physicalDeliveryOfficeName
Description: Office.

P.O.Box

LDAP name: postOfficeBox
Description: P.O.Box

Pager

LDAP name: pager
Description: Pager.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Password Expire Date

LDAP name: msDS-UserPasswordExpiryTimeComputed
Description: (Windows Server 2008 and newer) This attribute indicates the time when the password of the object will expire.

Password Expired

LDAP name: useraccountcontrol
Description: The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.

Password Last Changed

LDAP name: pwdlastset
Description: The date and time that the password for this account was last changed.

Password Never Expires

LDAP name: useraccountcontrol
Description: The password for this account will never expire.

Password Not Required

LDAP name: useraccountcontrol
Description: No password is required.

Phone Home Primary

LDAP name: homePhone
Description: User's main home phone number.

Primary Group

LDAP name: primarygroupid
Description: Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.

Principal Name

LDAP name: userPrincipalName
Description: This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name.

Profile Path

LDAP name: profilePath
Description: Profile Path.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

Security Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Security Identifier (SID)

LDAP name: objectsid
Description: A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal.

Smart Card Required

LDAP name: useraccountcontrol
Description: The user must log on using a smart card.

State/Province

LDAP name: st
Description: State/Province.

Store Passwords Using Reversible Encryption

LDAP name: useraccountcontrol
Description: The user can send an encrypted password.

Street Address

LDAP name: streetAddress
Description: The Street address.

Supported Encryption Types

LDAP name: msds-supportedencryptiontypes
Description: The encryption algorithms supported by user, computer or trust accounts.

Telephone Number

LDAP name: telephoneNumber
Description: Telephone Number.

Title

LDAP name: title
Description: Title.

Trusted For Delegation

LDAP name: useraccountcontrol
Description: The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.

Trusted To Authenticate For Delegation

LDAP name: useraccountcontrol
Description: (Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.

Universal Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Use DES Key Only

LDAP name: useraccountcontrol
Description: Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

Web Page

LDAP name: wWWHomePage
Description: Web Page.

Zip/Postal Code

LDAP name: postalCode
Description: Zip/Postal Code.

Account Disabled

LDAP name: useraccountcontrol
Description: The account is disabled.

Account Type

LDAP name: samaccounttype
Description: This attribute contains information about every account type object.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Admin-Count

LDAP name: admincount
Description: Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). Anyone with adminCount=1 is or was a privileged user of some sort.

Cannot Change Password

LDAP name: useraccountcontrol
Description: The user cannot change the password.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

Common Name

LDAP name: cn
Description: The name that represents an object.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Description

LDAP name: description
Description: Contains the description to display for an object.

Display Name

LDAP name: displayname
Description: The display name for an object.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

DNS Name

LDAP name: dnshostname
Description: Name of the computer as registered in DNS.

Domain Local Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Don't Require Preauth

LDAP name: useraccountcontrol
Description: (Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logon.

Global Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (All)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Inherited/Parent)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Have Group Memberships

LDAP name: memberof
Description: Whether the computer is a member of any group except the primary group.

Home Directory Required

LDAP name: useraccountcontrol
Description: The home directory is required.

Interdomain Trust Account

LDAP name: useraccountcontrol
Description: This is a permit to trust account for a system domain that trusts other domains.

IPv4

Description: Computer IPv4 address.

IPv6

Description: Computer IPv6 address.

Is Critical System Object

LDAP name: iscriticalsystemobject
Description: If TRUE, the object hosting this attribute must be replicated during installation of a new replica.

Is Domain Controller

LDAP name: primaryGroupId
Description: Is this computer a domain controller. Checks primaryGroupId attribute for values 516 and 521.

Is Temp Duplicate Account

LDAP name: useraccountcontrol
Description: This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.

Last Bad Password Logon Attempt Time

LDAP name: badpasswordtime
Description: The last time and date that an attempt to log on to this account was made with a password that is not valid. This attribute is not replicated.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Last Logon DC

LDAP name: lastLogon
Description: The domain controller that authenticated this computer the last time it logged on to the network.

Last Logon Time

LDAP name: lastlogon
Description: The last time the user logged on.

Local Policy Flags

LDAP name: localpolicyflags
Description: Flags that determine where a computer gets its policy.

Locked Out

LDAP name: lockoutTime
Description: The account is currently locked out. Calculated by attribute lockoutTime value and Account Lockout Policy Account lockout duration setting.

Lockout Time

LDAP name: lockoutTime
Description: The date and time (UTC) that this account was locked out.

Logon Count

LDAP name: logoncount
Description: The number of times the account has successfully logged on.

Logon Name

LDAP name: samaccountname
Description: The username (the logon name used to support clients and servers running earlier versions of the operating system.)

Logon Script Executed

LDAP name: useraccountcontrol
Description: The logon script is executed.

Manager

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Account Type

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Description

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Not Delegated

LDAP name: useraccountcontrol
Description: The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.

Number of Bad Password Logon Attempts

LDAP name: badpwdcount
Description: The number of times the user tried to log on to the account using an incorrect password. This number is taken from domain controller containing the latest bad password time.

Number of Groups (Direct)

LDAP name: memberof
Description: Count of direct group membership.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Operating System

LDAP name: operatingsystem
Description: The Operating System name, for example, Windows 10.

OS Service Pack

LDAP name: operatingsystemservicepack
Description: The operating system service pack ID string (for example, SP3).

OS Version

LDAP name: operatingsystemversion
Description: The operating system version string, for example, 4.0.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Password Expired

LDAP name: useraccountcontrol
Description: The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.

Password Last Changed

LDAP name: pwdlastset
Description: The date and time that the password for this account was last changed.

Password Never Expires

LDAP name: useraccountcontrol
Description: The password for this account will never expire.

Password Not Required

LDAP name: useraccountcontrol
Description: No password is required.

Primary Group

LDAP name: primarygroupid
Description: Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

RID Set References

LDAP name: ridsetreferences
Description: List of references to RID-Set objects that manage Relative Identifier (RID) allocation.

Security Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Security Identifier (SID)

LDAP name: objectsid
Description: A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal.

Server Reference BL

LDAP name: serverreferencebl
Description: Found in the domain-naming context. The distinguished name of a computer under the sites folder.

Server Trust Account

LDAP name: useraccountcontrol
Description: This is a computer account for a system backup domain controller that is a member of this domain.

Supported Encryption Types

LDAP name: msds-supportedencryptiontypes
Description: The encryption algorithms supported by user, computer or trust accounts.

Trusted For Delegation

LDAP name: useraccountcontrol
Description: The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.

Trusted To Authenticate For Delegation

LDAP name: useraccountcontrol
Description: (Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.

Universal Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Use DES Key Only

LDAP name: useraccountcontrol
Description: Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

Workstation Trust Account

LDAP name: useraccountcontrol
Description: This is a computer account for a computer that is a member of this domain.

Account Type

LDAP name: samaccounttype
Description: This attribute contains information about every account type object.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

Common Name

LDAP name: cn
Description: The name that represents an object.

Contains Member from External Domain

Description: Contains Member from External Domain.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Description

LDAP name: description
Description: Contains the description to display for an object.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Group Members (All)

Description: All group members.

Group Members (Direct)

Description: Direct group members.

Group Members (Inherited/Parent)

Description: Inherited group members.

Group Membership (All)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Membership (Inherited/Parent)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Group Scope

LDAP name: grouptype
Description: Contains a set of flags that define the type and scope of a group object.

Group Type

LDAP name: grouptype
Description: Contains a set of flags that define the type and scope of a group object.

Have Group Memberships

LDAP name: memberof
Description: Whether the group is a member of any group except the primary group.

Is Critical System Object

LDAP name: iscriticalsystemobject
Description: If TRUE, the object hosting this attribute must be replicated during installation of a new replica.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Logon Name

LDAP name: samaccountname
Description: The username (the logon name used to support clients and servers running earlier versions of the operating system.)

Managed Accounts

Description: Managed Accounts.

Managed Accounts Count

Description: Managed Accounts Count.

Manager

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Account Type

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Description

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Number of Groups (Direct)

LDAP name: memberof
Description: Count of direct group membership.

Number of Members (All)

Description: Number Of Members (Direct + Inherited).

Number of Members (Direct)

Description: Number Of Members (Direct)

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

Security Identifier (SID)

LDAP name: objectsid
Description: A binary value that specifies the security identifier (SID) of the user. The SID is a unique value used to identify the user as a security principal.

System Flags

LDAP name: systemflags
Description: An integer value that contains flags that define additional properties of the class.

Accept messages from authenticated users only

LDAP name: msExchRequireAuthToSendTo
Description: Require That All Senders Are Authenticated.

Alternative Recipient

LDAP name: altRecipient
Description: An alternative recipient to receive e-mail.

Common Name

LDAP name: cn
Description: The name that represents an object.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Display Name

LDAP name: displayname
Description: The display name for an object.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Distribution Group Membership (Direct Member)

LDAP name: memberof
Description: This attribute specifies the distinguished names of the groups to which this object belongs.

Email Addresses

LDAP name: mail
Description: The list of email addresses for a contact.

Email Alias

LDAP name: mailNickname
Description: Email alias.

Email Proxy Addresses

LDAP name: proxyAddresses
Description: A proxy address is the address by which a Microsoft Exchange Server recipient object is recognized in a foreign mail system. Proxy addresses are required for all recipient objects, such as custom recipients and distribution lists.

External e-mail addresses

LDAP name: targetaddress
Description: External e-mail addresses.

Hidden From Address Lists

LDAP name: msExchHideFromAddressLists
Description: Determines if the recipient appears in address lists.

Home Mail Server

LDAP name: msExchHomeServerName
Description: Microsoft Exchange Home Server Name.

Home MDB

LDAP name: homeMDB
Description: Home mailbox database.

Home MTA

LDAP name: homeMTA
Description: Home MTA.

IMAP4 Enabled

LDAP name: protocolSettings
Description: IMAP4 is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from a mail server.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Legacy Exchange DN

LDAP name: legacyExchangeDN
Description: Legacy Exchange DN.

MAPI Enabled

LDAP name: protocolSettings
Description: MAPI protocol enables access to a Microsoft Exchange mailbox from MAPI client like Microsoft Outlook.

Maximum Recipients

LDAP name: msExchRecipLimit
Description: Maximum Recipient Limit.

Name

LDAP name: name
Description: Object name.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Object Type

Description: Object type like user, group or contact.

OWA Enabled

LDAP name: protocolSettings
Description: Outlook Web App enables access to a Microsoft Exchange mailbox from a Web browser.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

POP3 Enabled

LDAP name: protocolSettings
Description: POP3 is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

Receiving Maximum Message Size (KB)

LDAP name: delivContLength
Description: Receiving Maximum Message Size (KB)

Sending Maximum Message Size (KB)

LDAP name: submissionContLength
Description: Sending Maximum Message Size (in KB).

Use Default Storage Limits

LDAP name: mDBUseDefaults
Description: Indicates whether the store should use the default quota, rather than the per-mailbox quota.

Address Home

LDAP name: homePostalAddress
Description: User's home address.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

City

LDAP name: l
Description: City

Common Name

LDAP name: cn
Description: The name that represents an object.

Company

LDAP name: company
Description: Contact's company name.

Country

LDAP name: co
Description: The country in which the user is located.

Country Code

LDAP name: countrycode
Description: Specifies the country/region code for the user's language of choice.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Department

LDAP name: department
Description: Contains the name of the department in which the user works.

Description

LDAP name: description
Description: Contains the description to display for an object.

Display Name

LDAP name: displayName
Description: Name displayed in the address book for a particular user. This is usually the combination of the user's first name, middle initial and last name.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Division

LDAP name: division
Description: Contact's division

Email

LDAP name: mail
Description: Email address.

Employee ID

LDAP name: employeeID
Description: ID of an employee.

Fax

LDAP name: facsimileTelephoneNumber
Description: Fax.

First Name

LDAP name: givenname
Description: Contains the given name (first name) of the user.

Has Thumbnail Photo

LDAP name: thumbnailPhoto
Description: Has Thumbnail Photo.

House Identifier

LDAP name: houseIdentifier
Description: Specifies a linguistic construct used to identify a particular building, for example, a house number or house name relative to a street, avenue, town, city, and so on.

Initials

LDAP name: initials
Description: Contains the initials for parts of the user's full name. This may be used as the middle initial in the Windows Address Book.

IP phone

LDAP name: ipPhone
Description: IP phone.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Last Name

LDAP name: sn
Description: This attribute contains the family or last name for a user.

Locality Name

LDAP name: l
Description: Contains the locality, such as the town or city, in the user's address.

Managed Accounts

Description: Managed Accounts.

Managed Accounts Count

Description: Managed Accounts Count.

Manager

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Account Type

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Manager Description

LDAP name: manager
Description: Contains the distinguished name of the user who is the user's manager. The manager's user object contains a directReports property that contains references to all user objects that have their manager properties set to this distinguished name.

Mobile

LDAP name: mobile
Description: Mobile.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Notes

LDAP name: info
Description: Contact's notes.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Office

LDAP name: physicalDeliveryOfficeName
Description: Office.

P.O.Box

LDAP name: postOfficeBox
Description: P.O.Box

Pager

LDAP name: pager
Description: Pager.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Phone Home Primary

LDAP name: homePhone
Description: Contact's main home phone number.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

State/Province

LDAP name: st
Description: State/Province.

Street Address

LDAP name: streetAddress
Description: The Street address.

Telephone Number

LDAP name: telephoneNumber
Description: Telephone Number.

Title

LDAP name: title
Description: Title.

Web Page

LDAP name: wWWHomePage
Description: Web Page.

Zip/Postal Code

LDAP name: postalCode
Description: Zip/Postal Code.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Bin Names

LDAP name: printbinnames
Description: A list of printer bin names.

Can Print Color

LDAP name: printcolor
Description: TRUE if a printer can print in color.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

Common Name

LDAP name: cn
Description: The name that represents an object.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Driver Name

LDAP name: drivername
Description: The device driver name.

Driver Version

LDAP name: driverversion
Description: The version number of the device driver.

Duplex Supported

LDAP name: printduplexsupported
Description: Indicates the type of duplex support a printer has.

Flags

LDAP name: flags
Description: To be used by the object to store bit information.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Location

LDAP name: location
Description: Location

Memory

LDAP name: printmemory
Description: The amount of memory installed in a printer.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Name

LDAP name: printername
Description: The display name of an attached printer.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Port Name

LDAP name: portname
Description: List of port names. For example, for printer ports or COM ports.

Print Collate

LDAP name: printcollate
Description: TRUE if a printer has collating bins.

Print End Time

LDAP name: printendtime
Description: The time a print queue stops servicing jobs.

Print Keep Printed Jobs

LDAP name: printkeepprintedjobs
Description: TRUE if printed jobs are kept.

Print Orientations Supported

LDAP name: printorientationssupported
Description: The page rotation for landscape printing.

Print Pages per Minute

LDAP name: printpagesperminute
Description: Driver-supplied print rate in pages per minute.

Print Rate

LDAP name: printrate
Description: Driver-supplied print rate.

Print Rate Unit

LDAP name: printrateunit
Description: Driver-supplied print rate unit.

Print Spooling

LDAP name: printspooling
Description: A string that represents the type of printer spooling. Possible values: PrintDirect, PrintWhileSpooling, PrintAfterSpooled.

Print Stapling Supported

LDAP name: printstaplingsupported
Description: TRUE if the printer supports stapling. Supplied by the driver.

Print Start Time

LDAP name: printstarttime
Description: The time a print queue begins servicing jobs.

Priority

LDAP name: priority
Description: Priority

Server Name

LDAP name: servername
Description: The name of a server.

Share Name

LDAP name: printsharename
Description: The printer's share name.

Short Server Name

LDAP name: shortservername
Description: Pre-Windows 2000 compatible server name for print servers.

UNC Name

LDAP name: uncname
Description: The universal naming convention name for shared volumes and printers.

URL

LDAP name: url
Description: URL

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

Common Name

LDAP name: cn
Description: The name that represents an object.

Computer Version

LDAP name: versionnumber
Description: Computer configuration version number.

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Display Name

LDAP name: displayname
Description: The display name for an object.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

GPC Functionality Version

LDAP name: gpcfunctionalityversion
Description: The version of the Group Policy Editor that created this object.

GPC Machine Extension Names

LDAP name: gpcmachineextensionnames
Description: Used by the Group Policy Object for computer policies.

Is Critical System Object

LDAP name: iscriticalsystemobject
Description: If TRUE, the object hosting this attribute must be replicated during installation of a new replica.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Linked Domains

LDAP name: distinguishedname
Description: Get all domains that have link to this GPO.

Linked Objects

LDAP name: distinguishedname
Description: Get all objects that have link to this GPO.

Linked OUs

LDAP name: distinguishedname
Description: Get all organizational units that have link to this GPO.

Linked Sites

LDAP name: distinguishedname
Description: Get all sites that have link to this GPO.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Show in Advanced View Only

LDAP name: showinadvancedviewonly
Description: TRUE if this attribute is to be visible in the Advanced mode of the UI.

State

LDAP name: flags
Description: Stores the state of the GPO.

System Flags

LDAP name: systemflags
Description: An integer value that contains flags that define additional properties of the class.

SYSVOL File Path

LDAP name: gpcfilesyspath
Description: This attribute specifies the Universal Naming Convention (UNC) path to the Group Policy Object template located in the system volume (SYSVOL).

User Version

LDAP name: versionnumber
Description: User configuration version number.

Admin Description

LDAP name: adminDescription
Description: Description displayed on admin screens.

Admin Display Name

LDAP name: adminDisplayName
Description: Name to be displayed on admin screens.

Canonical Name

LDAP name: canonicalName
Description: Name of the object in canonical format, e.g. me.domain.com.

Child Object Count

Description: Child Object Count.

Child Object Count (Computer)

Description: Child Object Count (Computer).

Child Object Count (Group)

Description: Child Object Count (Group).

Child Object Count (User)

Description: Child Object Count (User).

Created

LDAP name: whencreated
Description: The date when this object was created.

Deleted

LDAP name: isDeleted
Description: If TRUE, this object has been marked for deletion and cannot be instantiated. After the tombstone period has expired, it will be removed from the system.

Description

LDAP name: description
Description: Contains the description to display for an object.

Distinguished Name

LDAP name: distinguishedname
Description: The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

Has GPO Linked

LDAP name: gPLink
Description: Is there any Group Policy options linked to this object.

Is Critical System Object

LDAP name: iscriticalsystemobject
Description: If TRUE, the object hosting this attribute must be replicated during installation of a new replica.

Last Known Parent

LDAP name: lastKnownParent
Description: The Distinguished Name (DN) of the last known parent of an orphaned object.

Linked GPOs

LDAP name: gPLink
Description: A sorted list of Group Policy options. Each option is a DWORD. Use of the UNICODE string is a convenience.

Manager

LDAP name: manager
Description: The distinguished name of the user that is assigned to manage this object.

Manager Account Type

LDAP name: manager
Description: The distinguished name of the user that is assigned to manage this object.

Manager Description

LDAP name: manager
Description: The distinguished name of the user that is assigned to manage this object.

Modified

LDAP name: whenchanged
Description: The date when this object was last changed. This value is not replicated and exists in the global catalog.

Name

LDAP name: name
Description: Object name.

Object Category

LDAP name: objectcategory
Description: An object class name used to group objects of this or derived classes.

Object Class

LDAP name: objectclass
Description: The list of classes from which this class is derived.

Organizational Unit Name

LDAP name: ou
Description: The name of the organizational unit.

Parent Container

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is a container.

Parent Name

Description: Gets this entry's parent name in the Active Directory Domain Services hierarchy.

Parent OU

Description: Gets this entry's parent in the Active Directory Domain Services hierarchy. Return parent name if it is an organizational unit.

Protected From Accidental Deletion

Description: Is object protected from accidental deletion. It is calculated from access control entry (ACE) - deny Delete + DeleteTree. Can take some time to calculate that is why advised to use other filters to narrow down record count.

Show in Advanced View Only

LDAP name: showinadvancedviewonly
Description: TRUE if this attribute is to be visible in the Advanced mode of the UI.

System Flags

LDAP name: systemflags
Description: An integer value that contains flags that define additional properties of the class.


Copyright © Albus Bit SIA