There are times when a network admin or developer needs to access certain properties of Active Directory user accounts, and some of the properties may not visible in the MMC console. But how do you know which properties and methods are available for the User object in AD? It can be quite difficult to find documentation on this topic, but there is a site on MSDN which lists all methods and properties for the IDSUser object available through ADSI for access through scripts and applications:
http://msdn.microsoft.com/en-us/library/aa746340(VS.85).aspx
What this section does not tell you is what are the types of these fields – string, array, etc. For example, the Description field is not a string, it’s a an array of strings. If you try to access an array field with a script that uses a string variable, it will inevitably fail.
How do you find that out? You can find it out by running WMI CIM Studio on your server. Download it here:
Install WMI CIM studio on your Windows Server machine and connect it to the following namespace on your domain controller:
\\YOUR_DOMAIN_CONTROLLER\root\directory\LDAP
When connected, navigate to this location:
DS_LDAP_Root_Class > ds_top > ads_person > ads_organizationalperson
The user properties and their corresponding types will be listed in the right pane.
The SharePoint Nomad
0 Responses to “How to discover properties for Active Directory user accounts”