Active Directory LDAP Field Mappings

This page provides a mapping of common Active Directory fields to its LDAP attribute name. 

When using Active Directory users and computers you will see the Microsoft provided friendly names. Under the hood of Active Directory these fields are actually using an LDAP attribute. You can see the LDAP attribute name in the attribute editor. 

When working with scripts or creating a program you will need to use the LDAP attribute name. 

This page provides a visual reference of the LDAP field mappings in Active Directory. In addition, I created a table view for a quick reference. 

General Tab

Address Tab

Account Tab

Profile Tab

Telephones Tab

Organization Tab

LDAP Mappings Table View

TABActive Directory FieldLDAP Attribute
GeneralFirst NamegivenName
GeneralInitialsinitials
GeneralLast namesn
GeneralDisplay namedisplayName
GeneralDescriptiondescription
GeneralOfficephysicalDeliveryOfficeName
GeneralTelephone numbertelephoneNumber
GeneralE-mailmail
GeneralWeb pagewWWHomePage
AddressStreetstreetAddress
AddressP.O BoxpostOfficeBox
AddressCityl
AddressState/provinceSt
AddressZip/Postal CodepostalCode
AddressCounty/regionco
AccountUser logon nameuserPrincipalName
Accountuser logon name (pre-Windows 200)sAMAccountName
ProfileProfile pathprofilePath
ProfileLogon scriptscriptPath
ProfileLocal pathhomeDirectory
ProfileConnecthomeDrive
TelephonesHomehomePhone
TelephonesPagerpager
TelephonesMobileMobile
TelephonesFaxfacsimileTelephoneNumber
TelephonesIP PhoneipPhone
OrganizationJob Titletitle
OrganizationDepartmentdepartment
OrganizationCompanycompany
OrganizationManagermanager
OrganizationDirect Reportsdirectreports

Recommended Tool: Permissions Analyzer for Active Directory

Get instant visibility into user and group permissions in your Active Directory domain.

With Permissions Analyzer you can quickly view assigned and inherited permissions for any user or group.

Don’t let permission problems slow you down or put your data at risk. Get Permissions Analyzer for Active Directory today and take control of your permission management.

Download Free Tool

17 thoughts on “Active Directory LDAP Field Mappings”

  1. I believe there is a typo in the LDAP Mappings Table View. It is showing LDAP Attribute=telephoneNumber for the Active Directory Field=Office…

    LDAP Mappings Table View
    TAB Active Directory Field LDAP Attribute
    General First Name givenName
    General Initials initials
    General Last name sn
    General Display name displayName
    General Description description
    General Office telephoneNumber
    General Telephone number telephoneNumber
    General E-mail mail

    Reply
    • Avatar photo

      Good catch. I have updated the page.

      Reply
      • giveName should be givenName

        Reply
        • Avatar photo

          Thanks. I have updated it.

          Reply
  2. How do I get support? I have the AD Toolkit and the user update is not updating the proxy addresses correctly. I have examples

    Reply
  3. What is the ldap Atrribute for User cannot change password? and is it 1/0 or True/False?

    Reply
    • Avatar photo

      It is stored in the userAccountControl attribute. You would need to use an LDAP query to find it (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

      Reply
  4. In the example the “test.user003” at the top of each screen shot is the Canonical name object, correct?

    Reply
    • Avatar photo

      It is the common name or name. The canonical name looks like this ad.activedirectorypro.com/ADPRO Users/test-build2/test.user003

      Reply
  5. Incomplete. Where is “otherMailbox”?

    Reply
    • Avatar photo

      That attribute is not displayed in the GUI, you can view it by clicking on the Attribute Editor.

      Reply
  6. Hi, how can I do an ldap query that give me all the attributes of the result?
    thanks

    Reply
  7. Hi Robert,
    if I try to catch the displayName via SQL Server it returns another value than in the UI.

    Example:
    SQL-Server: firstname lastname
    UI: firstname lastname (Extern)

    Extern is a suffix which we add for external personell. And that is information I need.

    Statement:
    SELECT department, facsimileTelephoneNumber, mobile, LOWER(mail) COLLATE SQL_Latin1_General_CP437_CI_AI AS lower_mail, displayName, samAccountName, trim(userPrincipalName) COLLATE SQL_Latin1_General_CP437_CI_AI
    AS lower_username
    FROM OPENQUERY(ADSI,
    ‘SELECT userPrincipalName, samAccountName, displayName, mail, mobile, facsimileTelephoneNumber, department
    FROM ”LDAP://BITBWSD01.BITBW.BWL.NET/OU=BITBW,OU=Dienststellen,DC=BITBW,DC=BWL,DC=NET”
    WHERE objectClass = ”User”
    ‘)
    AS derivedtbl_1
    WHERE (trim(userPrincipalName) COLLATE SQL_Latin1_General_CP437_CI_AI IS NOT NULL)

    Any Idea why this is different?

    Have a great day!
    Lars

    Reply
  8. Hey where can I get account expires?

    Reply
    • Avatar photo

      It is the accountExpires attribute. You can view it from the Attribute Editor tab.

      Reply
  9. what is attribute for Disabled users

    Reply

Leave a Comment