.NET Active Directory Wrapper    
Access Active Directory From Your C# or VB .Net Code

Understanding LDAP Active Directory User Object Properties

This article will explain the various properties of the User object found in Active Directory. Knowing and understanding those properties is important when writing LDAP scripts either using VBS scripts, .NET code or using command line tools such as CSVDE and LDIFDE. Those properties will give you the ability to modify or read properties of Active Directory user objects such as First Name, Last Name, UserID, Phone Numbers, etc.

One of the most important LDAP attributes or properties is the Distinguished Name (DN). This property is used to uniquely identify an object in LDAP meaning that no two objects could have the same Distinguisehd Name. In order to change other properties of an object the object must first be identified and that is done using the DN.

So how is the Distinguished Name define? The distinguished name is broken into few components:
CN for Common Name
OU for Orginazational Unit
DC for Domain Content which is usually composed of two entries

The table below details out the most common attributes for the user objects of Active Directory:

LDAP Active Directory Properties/Attributes
LDAP Property Description

DN Stands for distinguisehd name. This is the unique identifier for any object in AD. An example value would be:

CN=Joe User, OU=Las Vegas, DC=mycompany,DC=com

Note that when identifying a DN value in your script you will likely be required to enclose the line above with double quotes (") so it would look like this:

"CN=Joe User, OU=Las Vegas, DC=mycompany,DC=com"

CN CN = Joe User
CN stands for Common Name. This property is a combination of the givenName and SN attributes joined together

displayName = Joe User
Note that displayName and CN are often confused for each other.

description Note that this is different from displayName
givenName The first name of the user
homeDrive Home Folder
name name = Joe User. The same as CN
ObjectClass objectClass = User
Identifies what type of object is selected. Other values are: Computer, orgnizationalUnit, container, group

objectClass = Person
Defines what schema category that object belongs to.

physcialDeliveryOfficeName The office field of the user property
profilePath Roaming profile path: connect. Setup is a bit tricky
sAMAccountName sAMAAccountName = jUser
This is an old NT 4.0 logon ID. This value must be unique in the domain.
SN SN = User
This is the last name of the user. SN stands for surname
userAccountControl This property is used to enable or disable a user account. A value of 514 means that account is disabled. A value of 512 means the account is enabled.
userPrincipleName userPrincipleName = juser@lasvegas.com
This property is useful for logging in a large forest Active Directory architecutre. This is also a unique property throught the forest. This property is often abbreviated as UPN.

mail = juser@lasvegas.com
the email property of the user

C Country or Region
company Name of Company or Organization
department Department

Location. Used mainly with printers
That is a lower case (L)

mobile Cell phone or mobile phone number
OU Orgnizational Unit
postalCode Zip or post code
st State or province
streetAddress Street address, not including country or state
telephoneNumber Office Phone

A computed attribute that contains the list of SIDs due to a transitive group membership expansion operation on a given user or computer. Token Groups cannot be retrieved if no Global Catalog is present to retrieve the transitive reverse memberships.

More Info