Constructed attributes for AD objects.
| Name | LDAP Display Name |
|---|---|
| Allowed-Attributes | allowedAttributes |
| Allowed-Attributes-Effective | allowedAttributesEffective |
| Allowed-Child-Classes | allowedChildClasses |
| Allowed-Child-Classes-Effective | allowedChildClassesEffective |
| ANR | aNR |
| Attribute-Types | attributeTypes |
| Canonical-Name | canonicalName |
| Create-Time-Stamp | createTimeStamp |
| DIT-Content-Rules | dITContentRules |
| Entry-TTL | entryTTL |
| Extended-Attribute-Info | extendedAttributeInfo |
| Extended-Class-Info | extendedClassInfo |
| From-Entry | fromEntry |
| Modify-Time-Stamp | modifyTimeStamp |
| ms-DS-Approx-Immed-Subordinates | msDS-Approx-Immed-Subordinates |
| ms-DS-Auxiliary-Classes | msDS-Auxiliary-Classes |
| ms-DS-isGC | msDS-isGC |
| ms-DS-Is-Member-Of-DL-Transitive | msDS-memberOfTransitive |
| ms-DS-isRODC | msDS-isRODC |
| ms-DS-Is-User-Cachable-At-Rodc | msDS-IsUserCachableAtRodc |
| ms-DS-KeyVersionNumber | msDS-KeyVersionNumber |
| ms-DS-Local-Effective-Deletion-Time | msDS-LocalEffectiveDeletionTime |
| ms-DS-Local-Effective-Recycle-Time | msDS-LocalEffectiveRecycleTime |
| ms-DS-ManagedPassword | msDS-ManagedPassword |
| ms-DS-Member-Transitive | msDS-Member-Transitive |
| ms-DS-NC-Repl-Cursors | msDS-NCReplCursors |
| ms-DS-NC-Repl-Inbound-Neighbors | msDS-NCReplInboundNeighbors |
| ms-DS-NC-Repl-Outbound-Neighbors | msDS-NCReplOutboundNeighbors |
| ms-DS-Parent-Dist-Name | msDS-ParentDistName |
| ms-DS-Principal-Name | msDS-PrincipalName |
| ms-DS-Quota-Effective | msDS-QuotaEffective |
| ms-DS-Quota-Used | msDS-QuotaUsed |
| ms-DS-Repl-Attribute-Meta-Data | msDS-ReplAttributeMetaData |
| ms-DS-Repl-Value-Meta-Data | msDS-ReplValueMetaData |
| ms-DS-Repl-Value-Meta-Data-Ext | msDS-ReplValueMetaDataExt |
| ms-DS-Resultant-PSO | msDS-ResultantPSO |
| ms-DS-Revealed-List | msDS-RevealedList |
| ms-DS-Revealed-List-BL | msDS-RevealedListBL |
| ms-DS-SiteName | msDS-SiteName |
| ms-DS-Token-Group-Names | msDS-TokenGroupNames |
| ms-DS-Token-Group-Names-Global-And-Universal | msDS-TokenGroupNamesGlobalAndUniversal |
| ms-DS-Token-Group-Names-No-GC-Acceptable | msds-tokenGroupNamesNoGCAcceptable |
| ms-DS-Top-Quota-Usage | msDS-TopQuotaUsage |
| ms-DS-User-Account-Control-Computed | msDS-User-Account-Control-Computed |
| ms-DS-User-Password-Expiry-Time-Computed | msDS-UserPasswordExpiryTimeComputed |
| Object-Classes | objectClasses |
| Parent-GUID | parentGUID |
| Possible-Inferiors | possibleInferiors |
| Primary-Group-Token | primaryGroupToken |
| SD-Rights-Effective | sDRightsEffective |
| Structural-Object-Class | structuralObjectClass |
| SubSchemaSubEntry | subSchemaSubEntry |
| Token-Groups | tokenGroups |
| Token-Groups-Global-And-Universal | tokenGroupsGlobalAndUniversal |
| Token-Groups-No-GC-Acceptable | tokenGroupsNoGCAcceptable |
Using a * wildcard with Get-adObject will not include any 'Constructed attributes' as they are not stored in the
directory, but instead calculated by a domain controller. If needed, these must be
explicitly specified.
Because these are calculated, running a request aganst different DNS servers may produce different results.
Early versions of Microsoft Windows Server/AD do not have all the attributes listed above.
“Je me suis appuyée à la beauté du monde. Et j’ai tenu l’odeur des saisons dans mes mains” ~ Anna de Noailles
Get-adObject - Get one or more AD objects.
List of LDAP properties for AD.