How To Get ALL Active Directory User Object Attributes |
您所在的位置:网站首页 › get user info fail › How To Get ALL Active Directory User Object Attributes |
|
A question came to me last week when I was doing a deep drill of Azure AD Connect user attribute mapping and replication: What attributes can an Active Directory user object possibly have? Not just the populated ones. Not just the ones visible in AD Users & Computers advanced view. But: ALL OF THEM! I looked around and found a couple of half answers.聽One post suggested looking at the mayContain and systemMayContain attributes of the User object in the AD Schema.聽Also, in forums you’ll see partial answers to this intriguing question. To get THE FULL answer you need to understand the way Active Directory schema classes inherit their attributes. Active Directory Classes and Attribute InheritanceIn the Active Directory schema you will find all definitions of classes and attributes. A class can be of three types: Structural – you can create an actual object from this type of classAbstract – you can inherit from this class but not create an objectAuxiliary – defines supplemental classes implemented by a classA class (of any type) may have up to four lists of attributes included in it’s definition. These lists are defined in the following class attributes: mayContainmustContainsystemMayContainsystemMustContainAdditionally, all classes inherit from a parent class (except the root of all classes, the “top” class). The following diagram shows you how the user class is designed in the Active Directory schema: |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |