Schema Attributes Reference
Unless specified otherwise, the out-of-the-box schema attributes must be defined as string.
Note
Attributes with an asterisk (*) are the Terminal Services/Remote Desktop Services attributes. By default, these attributes are not added to the schema and provisioning policy, for performance optimization. To manage Terminal Services attributes, add these attributes to the schema and provisioning policy. Alternatively, you can uncomment these attributes in the connector registry and import it again.
Account Attributes
This attribute contains a list of the flags enabled on an account.
The types of business performed by an organization. Each type is one value of this multi-valued attribute.
For example, "engineering", "finance", and "sales".
This attribute type contains the license plate or vehicle registration number associated with the user.
This attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.
For example, "Martin K Smith", "Marty Smith" and "printer12".
This attribute contains the user's department.
This attribute contains a numerical designation for a department within your enterprise.
This attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.
For example, "Updates are done every Saturday, at 1am.", and "distribution list for sales".
This attribute type contains country and city strings associated with the object (the addressee) needed to provide the Public Telegram Service. The strings are composed in accordance with CCITT Recommendations F.1 [F.1] and F.31 [F.31]. Each string is one value of this multi-valued attribute.
For example, "AASD" as a destination indicator for Sydney, Australia. "GBLD" as a destination indicator for London, United Kingdom.
The directory does not ensure that values of this attribute conform to the F.1 and F.31 CCITT recommendations. It is the application's responsibility to ensure destination indicators that it stores in this attribute are appropriately constructed.
This attribute contains the preferred name to be used for this person throughout the application.
This attribute contains the distinguished name by which the user is known. This default attribute must not be changed for a provisioning operation.
This attribute contains the fully qualified domain name for the service account.
This attribute contains the numerical identification key for this person within your enterprise.
This attribute contains a descriptive type for this user.
For example, contractor, full time, or part time.
This attribute contains the external email address of the mail user. A mail user is an AD user who has a mailbox outside of the organization.
This attribute type contains telephone numbers and any required parameters for facsimile terminals. Each telephone number is one value of this multi-valued attribute.
This attribute type contains name strings that are the part of a person's name that is not their surname. Each string is one value of this multi-valued attribute.
For example, "John", "Sue", and "David".
Exchange mailbox store DN. Required for mailbox creation.
This attribute contains the employee's home phone number.
This attribute contains the employee's mailing address.
This attribute type contains strings of initials of some or all of an individual's names, except the surname(s). Each string is one value of this multi-valued attribute.
For example, "J. A." and "J".
This attribute type contains Integrated Services Digital Network (ISDN) addresses, as defined in the International Telecommunication Union (ITU) Recommendation E.164 [E.164]. Each address is one value of this multi-valued attribute.
For example, "0198 444 444".
This attribute type contains names of a locality or place, such as a city, county, or other geographic region. Each name is one value of this multi-valued attribute.
For example, "Austin", "Chicago", and "Brisbane".
This attribute type contains the RFC822 mailbox for the user.
Exchange Alias.
This attribute type contains the distinguished name of the manager to whom this person reports.
This attribute type contains the account group membership for this person on the application.
This attribute type contains a list of shared mailboxes that the user has permissions for.
This attribute type contains the mobile telephone number of this person.
Name of the entity in the following format:
NetBIOS domain name\sAMAccountName
Hide from Exchange address lists.
This attribute type contains the type of the Microsoft Exchange recipient object.
Indicates whether the account has permission to dial in to the RAS server.
If this property is enabled, the server verifies the caller's phone number. If the caller's phone number does not match the configured phone number, the connection attempt is denied.
The phone number that is used by the server is set by either the caller or the network administrator. If this property is enabled, the server calls the caller back during the connection process.
Use this property to assign a specific IP address to a user when a connection is made.
Define a series of static IP routes that are added to the routing table of the server running the Routing and Remote Access service when a connection is made.
Domain NetBIOS Name of the account.
This attribute type contains the names of an organization. Each name is one value of this multi-valued attribute.
The values of the objectClass attribute describe the kind of object which an entry represents. The objectClass attribute is present in every entry, with at least two values. One of the values is either "top" or "alias".
Globally unique identifier of the object.
Windows Security Identifier.
Indicates the type of the Active Directory object.
For example, User, Contact.
This attribute type contains the names of an organizational unit. Each name is one value of this multi-valued attribute.
For example, "Sales", "Human Resources", and "Information Technologies".
This attribute type contains the telephone number of this person's pager.
This attribute type contains names that a Postal Service uses to identify a specific post office.
For example, "Austin, Downtown Austin" and "Chicago, Finance Station E".
This attribute type contains addresses used by a Postal Service to perform services for the object. Each address is one value of this multi-valued attribute.
For example, "1111 Elm St.$Austin$Texas$USA".
This attribute type contains codes used by a Postal Service to identify postal service zones. Each code is one value of this multi-valued attribute.
For example, "78664", to identify Pflugerville, TX, in the USA.
This attribute type contains postal box identifiers used by a postal service to locate a box on the premises of the Postal Service rather than a physical street address. Each postal box identifier is a single value of this multi-valued attribute.
For example, "Box 27".
This attribute type contains an indication of the preferred method of getting a message to the object.
For example, if the mhs-delivery Delivery Method is preferred over telephone-delivery, which is preferred over all other methods, the value would be: "mhs $ telephone".
This attribute type contains the preferred written or spoken language of this person.
This attribute contains the distinguished name of the user's primary group.
This attribute contains the RID of the user's primary group.
This attribute contains the time of the last password reset.
This attribute type contains postal addresses to be used for deliveries that must be signed for or require a physical recipient. Each address is one value of this multi-valued attribute.
For example, "Receptionist$XYZ Technologies$6034 Courtyard Dr. $Austin, TX$USA".
This attribute type contains the room or office number of this person's normal work location.
This attribute type contains the sAMAccountName for this user.
This attribute type contains the distinguished name of this person's secretary.
This attribute type contains the distinguished names of objects that are related to the subject object. Each related object name is one value of this multi-valued attribute.
For example, the person object "cn=Elvis Presley,ou=employee,o=XYZ\, Inc." is related to the role objects "cn=Bowling Team Captain,ou=sponsored activities,o=XYZ\, Inc." and "cn=Dart Team,ou=sponsored activities,o=XYZ\, Inc.". Since the role objects are related to the person object, the seeAlso attribute contains the distinguished name of each role object as separate values.
This attribute contains the distinguished name of the linked mailbox shadow account.
This attribute contains the ObjectGuid of the linked mailbox shadow account.
This attribute type contains name strings for surnames, or family names. Each string is one value of this multi-valued attribute.
For example, "Smith".
This attribute type contains the full names of states or provinces. Each name is one value of this multi-valued attribute.
For example, "Texas".
This attribute type contains site information from a postal address (that is, the street name, place, avenue, and the house number). Each street is one value of this multi-valued attribute.
For example, "15 Main St.".
This attribute type contains telephone numbers that comply with the ITU Recommendation E.123 [E.123]. Each number is one value of this multi-valued attribute.
The withdrawal of Recommendation F.200 has resulted in the withdrawal of this attribute.
This attribute type contains sets of strings that are a telex number, country code, and answer back code of a telex terminal. Each set is one value of this multi-valued attribute.
This attribute type contains the person's job title. Each title is one value of this multi-valued attribute.
For example, "Vice President", "Software Engineer", and "CEO".
This attribute type contains computer system login names associated with the object. Each name is one value of this multi-valued attribute.
For example, "s9709015", "admin", and "Administrator".
This attribute contains the unique name of the entity within the domain using the format "name@domain".
Group Attributes
This attribute type contains names of an object. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.
For example, "Martin K Smith", "Marty Smith" and "printer12".
This attribute type contains human-readable descriptive phrases about the object. Each description is one value of this multi-valued attribute.
For example, "Updates are done every Saturday, at 1am.", and "distribution list for sales".
This attribute contains the distinguished name by which the user is known.
This is an Account ID which must not be changed.
This attribute type contains the group scope.
This attribute type contains the group type.
Exchange distribution group name.
This attribute type contains the group membership for this person on the application.
Name of the entity in the following format:
NetBIOS domain name\sAMAccountName
Domain NetBIOS Name of the group.
This attribute type contains the names of an organization. Each name is one value of this multi-valued attribute.
Windows Security Identifier.
Globally unique identifier of the object.
This attribute type contains the names of an organizational unit. Each name is one value of this multi-valued attribute.
For example, "Sales", "Human Resources", and "Information Technologies".
This attribute type contains the owner of the object.
This attribute type contains the sAMAccountName for this group.
Attributes for Terminal Services
The roaming or mandatory profile path to be used when the user logs on to the RD Session Host server.
The root drive for the user.
The root directory for the user.
The path and file name of the application that the user wants to start automatically when the user logs on to the RD Session Host server.
The working directory path for the user.
A value that specifies whether to allow remote observation or remote control of the user's Remote Desktop Services session.
A value that specifies whether the user is allowed to log on to the RD Session Host server.
A value that specifies the action to be taken when a Remote Desktop Services session limit is reached.
A value that specifies if reconnection to a disconnected Remote Desktop Services session is allowed.
A value that specifies if mapped client drives should be reconnected when a Remote Desktop Services session is started.
A value that specifies whether to reconnect to mapped client printers at logon. The value is one if reconnection is enabled, and zero if reconnection is disabled.
A value that specifies whether to print automatically to the client's default printer. The value is one if printing to the client's default printer is enabled, and zero if it is disabled.
The maximum duration of the Remote Desktop Services session, in minutes. After the specified number of minutes have elapsed, the session can be disconnected or terminated.
The maximum amount of time, in minutes, that a disconnected Remote Desktop Services session remains active on the RD Session Host server. After the specified number of minutes have elapsed, the session is terminated.
The maximum amount of time that the Remote Desktop Services session can remain idle, in minutes. After the specified number of minutes has elapsed, the session can be disconnected or terminated.
Microsoft Lync\Skype for Business Server attributes
Whether the user is currently enabled for Microsoft Lync\Skype for Business Server.
Name of the user DialPlan.
The line server URL.
Whether a user is enabled for federation.
Whether a user is enabled for access outside the network.
Whether the EnterpriseVoiceEnabled service is enabled for a user.
The line Uniform Resource Identifier (URI).
This attribute contains the SIP address of a given user.
The name of Voice Policy.
The name of Mobility Policy.
The name of Conferencing Policy.
The name of Presence Policy.
The name of VoiceRouting Policy.
The name of registrar pool.
The name of Location Policy.
The name of ClientVersion Policy.
The name of Conferencing Policy.
The name of ExternalAccess Policy.
The name of HostedVoicemail Policy.
The name of PersistentChat Policy.
The name of UserServices Policy.
The name of Experience Policy.
The name of Archiving Policy.
The name of LegalIntercept Policy.
The name of Pin Policy.
Whether a user PIN is set.
Whether a user PIN is locked.
Managed Service Account Attributes
During Account Schema configuration, you can use the toggle option for Managed Services Account Attributes to add the managed service account attributes to the account schema automatically, which saves you from adding them manually. It also segregates the attributes of the various features within the account schema for better retrieval.
Select Include Attributes in Schema for managing service account attributes to automate the process of adding Service Account attributes to the account schema during Account Schema configuration.
Note
Only these attributes are certified for provisioning and read operations for managing Managed Service Accounts and group Managed Service Accounts (gMSA).
Accounts that can act on behalf of this Group Managed Service Account. Values of this multi-valued attribute must be in Distinguished Name format.
IQService is required to read and provision this property.
Principals allowed to use this Group Managed Service Account. Values of this multi-valued attribute must be in Distinguished Name format.
IQService is required to read and provision this property.
Interval in days after which Active Directory changes the password of the Managed Service Account.
Supported Encryption Types for the Managed Service Account. This attribute can have multiple values.
For example, RC4, AES128, AES256.
Service principal names for the Managed Service Account. This attribute is multi-valued.
For example, MyService/Host1.example.com