This page provides a mapping of common Active Directory fields to its LDAP attribute name.
When using Active Directory users and computers you will see the Microsoft provided friendly names. Under the hood of Active Directory these fields are actually using an LDAP attribute. You can see the LDAP attribute name in the attribute editor.
When working with scripts or creating a program you will need to use the LDAP attribute name.
This page provides a visual reference of the LDAP field mappings in Active Directory. In addition, I created a table view for a quick reference.
General Tab
Address Tab
Account Tab
Profile Tab
Telephones Tab
Organization Tab
LDAP Mappings Table View
| TAB | Active Directory Field | LDAP Attribute |
| General | First Name | givenName |
| General | Initials | initials |
| General | Last name | sn |
| General | Display name | displayName |
| General | Description | description |
| General | Office | physicalDeliveryOfficeName |
| General | Telephone number | telephoneNumber |
| General | ||
| General | Web page | wWWHomePage |
| Address | Street | streetAddress |
| Address | P.O Box | postOfficeBox |
| Address | City | l |
| Address | State/province | St |
| Address | Zip/Postal Code | postalCode |
| Address | County/region | co |
| Account | User logon name | userPrincipalName |
| Account | user logon name (pre-Windows 200) | sAMAccountName |
| Profile | Profile path | profilePath |
| Profile | Logon script | scriptPath |
| Profile | Local path | homeDirectory |
| Profile | Connect | homeDrive |
| Telephones | Home | homePhone |
| Telephones | Pager | pager |
| Telephones | Mobile | Mobile |
| Telephones | Fax | facsimileTelephoneNumber |
| Telephones | IP Phone | ipPhone |
| Organization | Job Title | title |
| Organization | Department | department |
| Organization | Company | company |
| Organization | Manager | manager |
| Organization | Direct Reports | directreports |
A BIG thank you!
Do you happen to know whether there is a complete, definitive list of data available LDAP query (via ADSI)? Struggling to see what is possible.
many thanks. if you need to hide some attributes there are some other “hidden” fields eg otherHomePhone, otherPager, otherMobile, otherFacsimileTelephoneNumber, otherIpPhone, otherTelephone
This is SO helpful and awesome layout with the LDAP field names in the actual AD screen fields. I salute you!
Thank Mike.
what are the User search field
Trying to get a Attribute that is o under the Attribute Editor how do I pull that information that is not standard fields
What is the LDAP attribute for “Manageable” field in Active Directory?
what is attribute for Disabled users
userAccountControl attribute.
For reference:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/useraccountcontrol-manipulate-account-properties
I also have a table here with all of the values.
https://activedirectorypro.com/useraccountcontrol-check-and-manage-attribute-value/
Hey where can I get account expires?
It is the accountExpires attribute. You can view it from the Attribute Editor tab.
Hi, how can I do an ldap query that give me all the attributes of the result?
thanks
Incomplete. Where is “otherMailbox”?
That attribute is not displayed in the GUI, you can view it by clicking on the Attribute Editor.
In the example the “test.user003” at the top of each screen shot is the Canonical name object, correct?
It is the common name or name. The canonical name looks like this ad.activedirectorypro.com/ADPRO Users/test-build2/test.user003
What is the ldap Atrribute for User cannot change password? and is it 1/0 or True/False?
It is stored in the userAccountControl attribute. You would need to use an LDAP query to find it (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
How do I get support? I have the AD Toolkit and the user update is not updating the proxy addresses correctly. I have examples
https://activedirectorypro.com/contact/
I believe there is a typo in the LDAP Mappings Table View. It is showing LDAP Attribute=telephoneNumber for the Active Directory Field=Office…
LDAP Mappings Table View
TAB Active Directory Field LDAP Attribute
General First Name givenName
General Initials initials
General Last name sn
General Display name displayName
General Description description
General Office telephoneNumber
General Telephone number telephoneNumber
General E-mail mail
Good catch. I have updated the page.
giveName should be givenName
Thanks. I have updated it.